HI All,

With my new firewall in place, it has opened my eyes to how much traffic gets blocked in a single day and also what are the most active rules. I get *a lot* of requests for port 22.

How does one switch ssh ports? What is a good port to use? What ramifications does it have when I need to ssh in? Is it as simple as ssh user@host:port?

Best,
-ML
On Sat, 2009-10-24 at 05:56 -0700, ML wrote:
> HI All,
>
> With my new firewall in place, it has opened my eyes to how much
> traffic gets blocked in a single day and also what are the most active
> rules. I get *a lot* of requests for port 22.
>
> How does one switch ssh ports? What is a good port to use? What
> ramifications does it have when I need to ssh in? Is it as simple as
> ssh user@host:port?
----
I suppose it's easier to ask a list than to actually look at man pages.

man sshd_config
man ssh

If there's something you don't understand after reading the man pages and trying things out for yourself, the list will be more useful to you.

Craig

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
> How does one switch ssh ports? What is a good port to use? What
> ramifications does it have when I need to ssh in? Is it as simple as
> ssh user@host:port?
>
In /etc/ssh/sshd_config replace "port 22" with "port <whatever high port (> 1024) you like>". Then configure your ssh clients accordingly.

I was having my logs filled with *literally* hundreds of connection attempts to port 22 every single day. Since I moved ssh to another port, that stopped.

Also, disable password authentication and use public/private key pairs as certification.
On 24/10/2009, at 11:26 PM, ML wrote:
> HI All,
>
> With my new firewall in place, it has opened my eyes to how much
> traffic gets blocked in a single day and also what are the most active
> rules. I get *a lot* of requests for port 22.

Look in /etc/ssh/sshd_config. You can specify the port there; it's the first option which is commented out.

> How does one switch ssh ports? What is a good port to use? What
> ramifications does it have when I need to ssh in? Is it as simple as
> ssh user@host:port?
>
To specify another port you need to use ssh -p X -l whateveruser IP

I don't think there are any ramifications/disadvantages of running the SSH daemon on a non-standard port.

> Best,
> -ML
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
ML wrote:
> HI All,
>
> With my new firewall in place, it has opened my eyes to how much
> traffic gets blocked in a single day and also what are the most active
> rules. I get *a lot* of requests for port 22.
>
> How does one switch ssh ports? What is a good port to use? What
> ramifications does it have when I need to ssh in? Is it as simple as
> ssh user@host:port?
>
Pretty much everything you need to know about SSH is on the Wiki here: http://wiki.centos.org/HowTos/Network/SecuringSSH

Why don't people use the Wiki? These same topics come up over and over again, and no one ever refers to the resources available on the Wiki.
As mentioned previously, requiring certificates, and not allowing interactive logins, is safest. But even if you decide to allow interactive logins, there are things you SHOULD do.

Disable admin/root login.

Update sshd so that only named users can log in via SSH; all other users that might be on the system cannot log in.

Require SSH 2 as mentioned in another email.

It probably helps too if the named user isn't a "common" name, like mark, etc., like I've seen in logs when I've perused them.

Running firewall tools that block IP addresses with several failed attempts.

And, of course, a strong password.

I've never set up certificates for my private, personal use to my box. But I've disabled root login, only 1 account can connect, ssh2 is required, I don't use a "common" name, and I have a strong password.

On Oct 24, 2009, at 7:56 AM, ML wrote:
> HI All,
>
> With my new firewall in place, it has opened my eyes to how much
> traffic gets blocked in a single day and also what are the most active
> rules. I get *a lot* of requests for port 22.
>
> How does one switch ssh ports? What is a good port to use? What
> ramifications does it have when I need to ssh in? Is it as simple as
> ssh user@host:port?
>
> Best,
> -ML
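The reply above recommends "firewall tools that block IP addresses with several failed attempts". The check those tools automate is a per-source count of failed sshd logins in /var/log/secure. The script below is an added example, not code from the thread or from CentOS: the function name failed_ssh_sources and the log lines are constructed for the example, and the addresses are RFC 5737 documentation ranges.

```shell
#!/bin/sh
# Added example (not from the thread): count failed sshd logins per source
# address in /var/log/secure-style lines, so you can see which hosts are
# hammering the port before (or instead of) letting a tool block them.

# failed_ssh_sources THRESHOLD < LOGFILE
# Prints "IP COUNT" for every source with at least THRESHOLD failures,
# highest count first, ties ordered by address.
failed_ssh_sources() {
    awk -v min="$1" '
        # Matches lines such as
        #   sshd[1234]: Failed password for invalid user admin from 203.0.113.10 port 51234 ssh2
        # and also "Failed none ..." / "Failed keyboard-interactive/pam ...".
        /sshd\[[0-9]+\]: Failed [^ ]+ for / {
            # the address always follows the literal word "from"
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= min) print ip, n[ip] }
    ' | sort -k2,2nr -k1,1
}

# Constructed sample in the format sshd writes to /var/log/secure on CentOS.
SAMPLE_LOG='Oct 24 05:56:01 box sshd[2101]: Failed password for invalid user admin from 203.0.113.10 port 51234 ssh2
Oct 24 05:56:03 box sshd[2101]: Failed password for invalid user admin from 203.0.113.10 port 51234 ssh2
Oct 24 05:56:05 box sshd[2104]: Failed password for root from 203.0.113.10 port 51240 ssh2
Oct 24 05:56:06 box sshd[2104]: Failed password for root from 203.0.113.10 port 51240 ssh2
Oct 24 05:57:10 box sshd[2110]: Invalid user oracle from 198.51.100.7
Oct 24 05:57:10 box sshd[2110]: Failed none for invalid user oracle from 198.51.100.7 port 40122 ssh2
Oct 24 05:57:12 box sshd[2110]: Failed password for invalid user oracle from 198.51.100.7 port 40122 ssh2
Oct 24 05:57:14 box sshd[2110]: Failed password for invalid user oracle from 198.51.100.7 port 40122 ssh2
Oct 24 06:01:00 box sshd[2130]: Failed password for ml from 192.0.2.5 port 60001 ssh2
Oct 24 06:01:09 box sshd[2130]: Accepted publickey for ml from 192.0.2.5 port 60001 ssh2'

# Sources with three or more failures. On a live box use
#   failed_ssh_sources 3 < /var/log/secure
# instead of the printf. Prints "203.0.113.10 4" then "198.51.100.7 3";
# the single failure from 192.0.2.5 (a typo before a key login) stays below the bar.
printf '%s\n' "$SAMPLE_LOG" | failed_ssh_sources 3
```

The threshold is the knob that separates a user mistyping a passphrase from a scanner; tools such as fail2ban and DenyHosts apply the same count over a time window and then add a firewall or hosts.deny entry. If you turn the output into iptables rules by hand, exempt the address you administer from first, since a slip there locks you out along with the scanners.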
ML wrote:
> HI All,
>
> With my new firewall in place, it has opened my eyes to how much
> traffic gets blocked in a single day and also what are the most active
> rules. I get *a lot* of requests for port 22.
>
> How does one switch ssh ports? What is a good port to use? What
> ramifications does it have when I need to ssh in? Is it as simple as
> ssh user@host:port?

Perhaps the first thing I do on a new server is:

vi /etc/ssh/sshd_config

And uncomment the port line, change the port number to my favorite port number, save the file, then restart sshd. I much prefer this method to setting up port limiting rules in iptables and ip6tables.
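Several replies in this thread describe the same edit of /etc/ssh/sshd_config by hand: uncomment and change Port, require protocol 2, disable root login and password authentication, and restrict logins to named users. The script below is an added example, not code from the thread or from CentOS, that makes those edits repeatably on a copy of the file and lists the checks to run before restarting sshd. The function names (set_directive, effective_value, harden_sshd_config), the port 2222 and the user ml are this example's own choices; the semanage step applies to CentOS with SELinux enforcing, which the thread does not mention.

```shell
#!/bin/sh
# Added example (not from the thread): apply the sshd_config changes the
# replies recommend without disturbing any other directive, then show the
# checks to run on the real host before restarting sshd.

# set_directive FILE KEY VALUE
# Replace every "KEY ..." line, commented out or not, with "KEY VALUE";
# append the directive if the file has no such line. It does not understand
# Match blocks, so use it on the global section only, and keep VALUE free of
# sed's special characters (/ and &).
set_directive() {
    if grep -Eq "^[[:space:]]*#?[[:space:]]*$2([[:space:]]|\$)" "$1"; then
        sed -E "s/^[[:space:]]*#?[[:space:]]*$2([[:space:]].*)?\$/$2 $3/" "$1" > "$1.tmp" \
            && mv "$1.tmp" "$1"
    else
        printf '%s %s\n' "$2" "$3" >> "$1"
    fi
}

# effective_value FILE KEY: the first uncommented value, which is the one
# sshd honours when a directive appears more than once.
effective_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# harden_sshd_config FILE PORT USER
harden_sshd_config() {
    set_directive "$1" Port "$2"
    set_directive "$1" Protocol 2
    set_directive "$1" PermitRootLogin no
    set_directive "$1" PasswordAuthentication no
    # Without this, PAM keyboard-interactive still accepts passwords on CentOS.
    set_directive "$1" ChallengeResponseAuthentication no
    set_directive "$1" PubkeyAuthentication yes
    set_directive "$1" AllowUsers "$3"
}

# Demo on a constructed copy, never on /etc/ssh/sshd_config directly.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
# constructed sample following the CentOS default layout
#Port 22
#Protocol 2,1
#PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
EOF
harden_sshd_config "$demo_dir/sshd_config" 2222 ml
cat "$demo_dir/sshd_config"
rm -r "$demo_dir"

# On the real host, in this order, and with an existing ssh session left
# open until the new port is confirmed working:
#   cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
#   harden_sshd_config /etc/ssh/sshd_config 2222 ml
#   sshd -t                                       # syntax check, silent when OK
#   semanage port -a -t ssh_port_t -p tcp 2222    # SELinux, or sshd cannot bind
#   (allow tcp/2222 in iptables, then)  service sshd restart
# Client side: ssh -p 2222 ml@host, or put "Port 2222" under a Host entry
# in ~/.ssh/config so plain "ssh host" keeps working.
```

The demo prints the edited file: the three commented defaults become Port 2222, Protocol 2 and PermitRootLogin no, PasswordAuthentication flips to no, X11Forwarding is left alone, and the three directives the sample lacked are appended. The order of the real-host steps matters: sshd -t catches a typo before the restart, and the SELinux and firewall steps come before the restart because sshd that cannot bind its new port, or a port the firewall drops, both leave you with only the session you kept open.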