[CentOS-docs] Securing SSH --> Change ports

Thu Oct 2 23:49:37 UTC 2014
PJ Welsh <pjwelsh at gmail.com>

The context for ssh !22 is about what others could/would do to a ssh
daemon. This includes script kiddies or some zero day exploit trolling for
*easy* targets. If you have someone creating a listener on the server, you
have an entirely different issue. How often do you randomly connect to some
system on port 2222 and provide *your* username and password? I am *not*
saying security through obscurity = security, but many IDS/IPS/anti-port
scanners will begin defensive actions when you plow through ports looking
for an ssh connection. So instead of being an easier 1 port script kiddie
target you *layer* defenses (including possible STO). Basically anything to
slow down or deter or prevent an attack is good IMHO.

Just my 2 cents of course.

pjwelsh

On Thu, Oct 2, 2014 at 5:45 PM, Theodor Sigurjon Andresson <
TheodorSiAn at kvenno.is> wrote:

> In there you are almost telling people that security through obscurity is
> a good way.
> That might sometimes be true but in this case it could mean that you would
> be handing passwords and other data out.
>
> When you start SSH on port 22 it is done with root privileges because the
> root user is the only one that can use ports below 1024. Root is the only
> user that can listen to that port or do something with it. If you move the
> port to 2222 for example you move SSH to a port that can be used without a
> privileged user. This would mean I could write a script that listens to
> port 2222 and mimics SSH to capture the passwords. Changing the port of SSH
> to 2222 or anything above 1024 makes SSH less secure. Pretty ironic that
> this is in the "Securing SSH" chapter.  This should never be done.
>
> Location:
> http://wiki.centos.org/HowTos/Network/SecuringSSH#head-3579222198adaf43a3ecbdc438ebce74da40d8ec
> username: TheodorAndresson
>
> _______________________________________________
> CentOS-docs mailing list
> CentOS-docs at centos.org
> http://lists.centos.org/mailman/listinfo/centos-docs
>
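
The privileged-port boundary discussed in this thread can be checked against a host's own sshd configuration. The following is an added example, not part of the thread or the CentOS wiki: it lists the ports sshd is configured to listen on and marks those a non-root local process could bind if sshd were not running. Function names and the sample config are constructed for illustration; it reads the Linux sysctl `net.ipv4.ip_unprivileged_port_start` where available and assumes 1024 otherwise.

```python
import re
from pathlib import Path

SYSCTL = Path("/proc/sys/net/ipv4/ip_unprivileged_port_start")

def unprivileged_port_start():
    """First port a non-root process may bind (assumed 1024 if unreadable)."""
    try:
        return int(SYSCTL.read_text())
    except (OSError, ValueError):
        return 1024

def sshd_ports(config_text):
    """Ports from Port / ListenAddress lines; sshd defaults to 22."""
    ports = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, arg = parts[0].lower(), parts[1].split()[0]
        if key == "port" and arg.isdigit():
            ports.add(int(arg))
        elif key == "listenaddress":
            # host:port, IPv4:port or [addr]:port; a bare IPv6 address has no port
            m = re.fullmatch(r"(?:\[[^\]]+\]|[^:\[\]]+):(\d+)", arg)
            if m:
                ports.add(int(m.group(1)))
    return sorted(ports) or [22]

def audit(config_text, unpriv_start=None):
    """Map each sshd port to True if a non-root process could bind it."""
    start = unprivileged_port_start() if unpriv_start is None else unpriv_start
    return {p: p >= start for p in sshd_ports(config_text)}

# Constructed sample, not taken from the thread or the wiki page.
SAMPLE = """\
# sshd_config (constructed)
Port 22
port 2222
ListenAddress 192.0.2.10:8022
ListenAddress [2001:db8::1]:443
ListenAddress 2001:db8::2
"""

if __name__ == "__main__":
    for port, exposed in audit(SAMPLE, 1024).items():
        print(port, "bindable without root" if exposed else "privileged")
```

To audit a real host, pass the contents of its sshd_config to `audit()` and leave `unpriv_start` unset so the local sysctl value is used.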