On Tue, 2016-05-17 at 20:12 -0400, Jonathan Billings wrote:
> On May 17, 2016, at 7:56 PM, Always Learning centos@u68.u22.net wrote:
>> (1) I would change the port from 22 to something more difficult to guess, perhaps 49026 (for example) and then block port 22 in the firewall.
>
> If you’re going to change the port, change it to something <1024. You don’t want to have sshd running on a port that a non-root user can bind to.

But if, as I suggested, the enquirer restricts access to that port to his own IP, access attempts from other IPs will fail. Ports > 1024 can be accessed by authorised non-root users using the authorised originating IP whilst preventing access from all other IPs.
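
The port question raised in this exchange can be checked against a real configuration. The following is an added example, not part of the original messages: it reads the `Port` and `ListenAddress` directives from an sshd_config and reports which listening ports are at or above 1024, the default Linux boundary below which binding needs root. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample for this example; not taken from the thread.
SAMPLE_CONFIG = """\
# sshd_config (constructed)
Port 22
Port 49026
ListenAddress 0.0.0.0
ListenAddress [::]:2222
Match User backup
    X11Forwarding no
"""

def sshd_listen_ports(config_text):
    """Return the sorted TCP ports that Port/ListenAddress directives select."""
    port_opts, explicit, bare_listen, any_listen = [], [], False, False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        # Keyword and arguments are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2 or not parts[1]:
            continue
        keyword, value = parts[0].lower(), parts[1].split()[0]
        if keyword == "match":
            break  # Port and ListenAddress are global-only directives
        if keyword == "port" and value.isdigit():
            port_opts.append(int(value))
        elif keyword == "listenaddress":
            any_listen = True
            # Forms that carry a port: host:port, IPv4:port, [addr]:port
            m = re.fullmatch(r"(?:\[.*\]|[^:\[\]]+):(\d+)", value)
            if m:
                explicit.append(int(m.group(1)))
            else:
                bare_listen = True  # address only: falls back to Port options
    ports = set(explicit)
    if bare_listen or not any_listen:
        ports.update(port_opts or [22])  # 22 is sshd's default port
    return sorted(ports)

def unprivileged_ports(config_text, limit=1024):
    """Ports at or above `limit`, which a non-root local process may bind."""
    return [p for p in sshd_listen_ports(config_text) if p >= limit]

if __name__ == "__main__":
    print("listening:", sshd_listen_ports(SAMPLE_CONFIG))
    print("bindable without root:", unprivileged_ports(SAMPLE_CONFIG))
```

On kernels that expose `net.ipv4.ip_unprivileged_port_start`, pass that value as `limit` instead of the default 1024.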