Securing SSH access

Lonnie Olson lists at kittypee.com
Tue Apr 22 14:55:28 MDT 2008


On Tue, 2008-04-22 at 11:55 -0600, Steve Morrey wrote:
> Or just set it to something way off in the boonies but be consistent
> about it.
> For instance almost all of my servers have SSH at 2774 which if you
> look at it on a phone turns out to be 2SSH or my secondary SSH port.
> How hard is it to type ssh myserver.com -luser -p2774
> For the extra bonus of rarely (or never) seeing a dictionary attack I
> think the extra 6 keystrokes are totally worth it.  But you do have to
> use something you can remember and use it consistently

First of all, I see tons of extra keystrokes in there.  
Most of the time I just type "ssh server".  That's it, username is the
same everywhere, and the port is always the default.  It would take an
additional *7* characters to change the port " -p2774", don't forget
that space, it still counts.  Also compare the 7 extra characters in
relation to the total command.  "ssh server" 10 chars vs.
"ssh server -p 2774" 17 chars.  Almost a 60% increase in the length of
the command.  To me, 60% is *not* negligible.

Also consider the number of times a day I actually run ssh, about 30-60
times a day on average.  It is a big deal.  

So I see two options to reduce the work to a one-time operation:
1. Set up my ~/.ssh/config file for all possible contingencies
or
2. Secure my public ssh servers very carefully.

I'll leave it on port 22, and just practice good security.

--lonnie



