On Tue, 2015-09-22 at 18:52 -0400, Fred Smith wrote:

> well, not 2222, but another port I won't identify here, and it
> is forwarded to 22 on my linux box.

Could an 'idea' also be to close permanently port 22 and configure SSH
to use a completely different port?

Inviting hackers by having a functioning, in one way or another, port 22
is asking for trouble.

--
Regards,

Paul.
England, EU. England's place is in the European Union.

On Wed, Sep 23, 2015 at 03:32:21AM +0100, Always Learning wrote:
>
> On Tue, 2015-09-22 at 18:52 -0400, Fred Smith wrote:
>
> > well, not 2222, but another port I won't identify here, and it
> > is forwarded to 22 on my linux box.
>
> Could an 'idea' also be to close permanently port 22 and configure SSH
> to use a completely different port?
>
> Inviting hackers by having a functioning, in one way or another, port 22
> is asking for trouble.

Paul, thanks for the comment. What you suggest is what my original
post was asking about.

Now, the externally visible port is not 22. My original post was asking
for advice on tweaking the router to close 22, since I could find no
method for that in the router's UI. Not wanting to have to write iptables
rules for the router, I found another method that effectively shuts off
port 22. 22 IS NOT OPEN to the world any more.

--
---- Fred Smith -- fredex at fcshome.stoneham.ma.us -----------------------------
"For him who is able to keep you from falling and to present you before his
glorious presence without fault and with great joy--to the only God our Savior
be glory, majesty, power and authority, through Jesus Christ our Lord, before
all ages, now and forevermore! Amen."
----------------------------- Jude 1:24,25 (niv) -----------------------------

On Tue, 2015-09-22 at 22:52 -0400, Fred Smith wrote:

> Paul, thanks for the comment. What you suggest is what my original
> post was asking about.
>
> Now, the externally visible port is not 22. My original post was asking
> for advice on tweaking the router to close 22, since I could find no
> method for that in the router's UI. Not wanting to have to write iptables
> rules for the router, I found another method that effectively shuts off
> port 22. 22 IS NOT OPEN to the world any more.

Hi Fred,

That is great. When I started on Linux that was one of the very first
things I did. Every machine, including servers, has port 22 replaced by
a unique alternative port. Port 22 is also blocked in iptables.

There is an army of dangerous nutters attempting to break in to
everything. They often mask their attacks using compromised Windoze
computers all around the world.

--
Regards,

Paul.
England, EU. England's place is in the European Union.