[CentOS] Securing SSH wiki article outdated

Lamar Owen lowen at pari.edu
Fri Feb 13 14:46:25 UTC 2015


On 02/13/2015 09:15 AM, Chris Adams wrote:
> Yeah, the old "move stuff to alternate ports" thing is largely a waste 
> of time and just makes it more difficult for legitimate use. With 
> large bot networks and tools like zmap, finding services on alternate 
> ports is not that hard for the "bad guys". 

Having SSH on 22 is lower-hanging fruit than having SSH on a different 
port.  Sure, an NBA all-star will be able to reach the apples at the top 
of the tree easily, but most people are not NBA all-stars.  Most 
port-scanners do not scan all possible ports.

And I am fully aware that people in the 'it's a waste of time' camp are 
unmoved by that.  It's not worth arguing about; those who move to 
non-standard ports are going to want to do it anyway.




More information about the CentOS mailing list