To change it to an unassigned privileged port would be a much better idea if the user insists on changing it. I personally don't like the idea of security through obscurity at all. However, if I remember correctly there are some programs that depend on SSH to be run on port 22. Usually easily changed but sometimes it can't be. I might be wrong though.

________________________________________
From: centos-docs-bounces at centos.org [centos-docs-bounces at centos.org] on behalf of Karsten Wade [kwade at redhat.com]
Sent: Thursday, October 02, 2014 22:49
To: centos-docs at centos.org
Subject: Re: [CentOS-docs] Securing SSH --> Change ports

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/02/2014 03:45 PM, Theodor Sigurjon Andresson wrote:
> In there you are almost telling people that security through
> obscurity is a good way. That might sometimes be true but in this
> case it could mean that you would be handing passwords and other
> data out.
>
> When you start SSH on port 22 it is done with root privileges
> because the root user is the only one that can use ports below
> 1024. Root is the only user that can listen to that port or do
> something with it. If you move the port to 2222 for example you
> move SSH to a port that can be used without a privileged user.
> This would mean I could write a script that listens to port 2222
> and mimics SSH to capture the passwords. Changing the port of SSH
> to 2222 or anything above 1024 makes SSH less secure. Pretty ironic
> that this is in the "Securing SSH" chapter. This should never be
> done.
>
> Location:
> http://wiki.centos.org/HowTos/Network/SecuringSSH#head-3579222198adaf43a3ecbdc438ebce74da40d8ec
>
> username: TheodorAndresson
>
> _______________________________________________
> CentOS-docs mailing list
> CentOS-docs at centos.org
> http://lists.centos.org/mailman/listinfo/centos-docs
>

What do you think about using a privileged but unassigned port such as 101?
- - Karsten
- --
Karsten 'quaid' Wade .^\ CentOS Doer of Stuff
http://TheOpenSourceWay.org \ http://community.redhat.com
@quaid (identi.ca/twitter/IRC) \v' gpg: AD0E0C41
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlQt1pcACgkQ2ZIOBq0ODEEpMACeMdWaOLnXlwJNzKKGjhGopviq
TVkAoJXSaHTe/7PmdAEhzzmSjkzL02es
=y+y6
-----END PGP SIGNATURE-----
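
The privileged-port point raised in this thread can be checked on a host. The following is an added example, not part of the thread or the CentOS wiki: it reads the `Port` directives from an sshd_config file and reports which ones fall at or above the lowest port an unprivileged user may bind. The function names and the sample config are constructed for illustration, and only `Port` lines are examined (a port given in `ListenAddress host:port` is not).

```shell
#!/usr/bin/env bash
# Lowest port any user may bind. Linux >= 4.11 exposes it as a sysctl;
# older kernels use a fixed 1024.
unpriv_port_start() {
    f=/proc/sys/net/ipv4/ip_unprivileged_port_start
    if [ -r "$f" ]; then cat "$f"; else echo 1024; fi
}

# audit_sshd_ports CONFIG [THRESHOLD]   (hypothetical helper)
# Prints "<port> privileged" or "<port> UNPRIVILEGED" per configured port.
# Returns 1 if any port can be bound without root, 0 otherwise.
audit_sshd_ports() {
    conf=$1
    start=${2:-$(unpriv_port_start)}
    rc=0
    # Keywords are case-insensitive; "Port 22" and "Port=22" both parse.
    ports=$(awk '
        { sub(/#.*/, "") }    # drop comments
        tolower($0) ~ /^[ \t]*port[ \t=]/ {
            line = $0
            sub(/^[ \t]*[Pp][Oo][Rr][Tt][ \t]*=?[ \t]*/, "", line)
            split(line, a, /[ \t]+/)
            if (a[1] ~ /^[0-9]+$/) print a[1]
        }' "$conf")
    # sshd listens on 22 when no Port directive is present.
    [ -n "$ports" ] || ports=22
    for port in $ports; do
        if [ "$port" -lt "$start" ]; then
            echo "$port privileged"
        else
            echo "$port UNPRIVILEGED"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample config: the two alternatives discussed in the thread.
sample=$(mktemp)
printf '%s\n' '# Port 22' 'Port 101' 'port=2222' > "$sample"
audit_sshd_ports "$sample" 1024 || echo "at least one port needs no root to bind"
rm -f "$sample"
```

Omit the second argument to use the running kernel's threshold instead of the fixed 1024 used in the sample call.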