> On 12/02/15 20:03, Warren Young wrote:
> > Hi, just a quick note to whoever is maintaining this page:
> >
> > http://wiki.centos.org/HowTos/Network/SecuringSSH
> >
> > The procedure is missing the firewall-cmd calls necessary in EL7:
> >
> > firewall-cmd --add-port 2345/tcp
> > firewall-cmd --add-port 2345/tcp --permanent
>
> This is horrible advice anyway. It's not a good idea to run SSH on a port greater than 1024, since if a crash exploit is used to kill the process, a non-root trojan process faking SSH to gather credentials could then bind on that port trivially, totally compromising the system. If you really want to SSH to a port other than 22 for a little obscurity, use an iptables DNAT to map the high port to local host 22 and block 22 from external connections. That way SSH is still binding to a low port restricted to the root user, and you can still get a little of that security through obscurity being desired.
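
The DNAT arrangement described in the reply above, as an added example that is not part of the original thread: a shell function (the name `ssh_redirect_rules` is hypothetical) that prints, without running, iptables commands mapping a high port to sshd on port 22 and dropping direct external connections to 22. It uses the REDIRECT target, the DNAT variant that delivers to the local machine, and assumes IPv4 and that firewalld is not managing the ruleset.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not apply them.
# ssh_redirect_rules is a hypothetical helper name. 2345 is the port from the thread.

valid_port() {
    case $1 in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-digit, or over 5 digits
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: ssh_redirect_rules HIGH_PORT [SSHD_PORT]
ssh_redirect_rules() {
    high=$1
    sshd=${2:-22}
    if ! valid_port "$high" || ! valid_port "$sshd"; then
        echo "ports must be integers in 1-65535" >&2
        return 2
    fi
    # The point of the arrangement: sshd itself keeps a root-only port.
    if [ "$sshd" -ge 1024 ]; then
        echo "sshd port $sshd is not privileged (must be below 1024)" >&2
        return 2
    fi
    if [ "$high" -lt 1024 ]; then
        echo "external port $high is already privileged; no redirect needed" >&2
        return 2
    fi
    cat <<EOF
# sshd_config keeps "Port $sshd"; nothing ever binds $high.
# 1. Rewrite the destination port before routing (REDIRECT = DNAT to this host).
iptables -t nat -I PREROUTING 1 -p tcp --dport $high -j REDIRECT --to-ports $sshd
# 2. After NAT both kinds of packet show --dport $sshd in INPUT, so match on
#    the connection's original destination port to admit only redirected ones.
iptables -I INPUT 1 -p tcp --dport $sshd -m conntrack --ctorigdstport $high -j ACCEPT
# 3. Drop connections aimed straight at $sshd from any non-loopback interface.
iptables -I INPUT 2 ! -i lo -p tcp --dport $sshd -j DROP
EOF
}

ssh_redirect_rules 2345
```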