Page last updated: 2006 Sep 22 14:22

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] Re: security dilemma


> > Someone else mentioned it also, but I will say it again, using a
> > different port helps reduce the amount of automated attacks that hit your
> > system. I use both port 22, and a different higher number port. I
> > firewall the use of port 22 to a smaller set of addresses and leave the
> > higher port open to the world.
>
> 1. How can you force an incoming SSH connection to switch ports like that?

On the client side, you have to tell your ssh utility to point to a different port. The command line utilities I use have an option to use "-p <port>" or "-P <port>" to select a nonstandard port. The server also has to be configured to listen to that port. In the config file for OpenSSH you change (or add) the line "Port XXXX" to tell it to listen to that port.
 
> 2. Wouldn't a port scanner easily detect the
> higher-numbered port? I thought that's what scanners
> do; find ports that are open because they have
> services listening on them. I don't understand how
> having 2 ports open through the firewall instead of
> one is helpful from a security standpoint. Maybe I'm
> missing something.

Yes, a port scanner could detect an ssh server operating on a nonstandard port, but it has to take time to scan for the port first. After it has found the port, it then could proceed to guess passwords. The reason to do this is to add another step that the hacker has to take to get in. It is just another layer in your security blanket. Plus, it is easy to detect portscans. You could then set up something that blocks that IP at the firewall before it starts guessing passwords.

Having 2 ports open does increase your vulnerability slightly. The reason I do it is for convenience. I use my firewall to only allow access to port 22 from 2-3 IP addresses. This does not decrease my security by enough for me to care. I put ssh on an additional nonstandard port that is available to the entire internet. Although it is possible for someone to portscan me and find it, I have yet to have dictionary attacks hit my ssh service. This allows me to connect from a machine that isn't one of my 2-3 usual ones (which I do from time to time). If you never need to connect from a machine other than the one you mentioned, setting up a second port wouldn't be useful for you.

Orson Jones
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox
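The "detect portscans, then block that IP at the firewall" step from the reply above, as an added example that is not part of the original post: a POSIX shell script that reads iptables LOG output, flags any source that probed several distinct ports, and prints the blocking rule. The log prefix "FW-DROP:", the threshold of 5 ports and every address are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: spot port-scanning sources in iptables LOG
# output and emit the firewall rule that would block them before they reach the ssh port.
# The log prefix "FW-DROP:", the threshold and all addresses are constructed/assumed.

# Constructed sample of kernel log lines produced by an iptables LOG rule (fields trimmed).
# 198.51.100.7 probes six different ports; 203.0.113.5 only retries port 22.
SAMPLE_LOG='Sep 22 14:01:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=40123 DPT=21 SYN
Sep 22 14:01:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=40124 DPT=23 SYN
Sep 22 14:01:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=40125 DPT=25 SYN
Sep 22 14:01:03 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=40126 DPT=80 SYN
Sep 22 14:01:03 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=40127 DPT=110 SYN
Sep 22 14:01:03 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=40128 DPT=143 SYN
Sep 22 14:01:04 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=51000 DPT=22 SYN
Sep 22 14:01:09 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=51001 DPT=22 SYN'

# scan_sources THRESHOLD: read log lines on stdin, print "SRC count" for every source
# address that touched at least THRESHOLD distinct destination ports, sorted by address.
scan_sources() {
    awk -v thr="$1" '
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # count each (source, port) pair once, however many retries it produced
            if (src != "" && dpt != "" && !seen[src, dpt]++) ports[src]++
        }
        END { for (s in ports) if (ports[s] >= thr) print s, ports[s] }
    ' | sort
}

# block_rules THRESHOLD: turn flagged sources into iptables commands (printed, not executed,
# so the output can be reviewed before it is fed to the firewall).
block_rules() {
    scan_sources "$1" | while read -r src count; do
        printf 'iptables -I INPUT -s %s -j DROP   # %s distinct ports probed\n' "$src" "$count"
    done
}

printf '%s\n' "$SAMPLE_LOG" | block_rules 5
```

Run against the real log with `grep 'FW-DROP:' /var/log/kern.log | block_rules 5`; a host that merely retries the ssh port never reaches the threshold, so legitimate clients are not blocked.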


