New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
harumph.
I mean ... if it's just my own stuff, I usually do change the ssh port to something other than 22 just to cut down the size of my logfiles.
But if I have to explain how to work with -p flags and all that to someone else - maybe some big old slow-moving kinda bureaucratic but deep-pocketed customer type ... yeah, no - like you said, got other things to do today. But I'm really not too savvy with all this interweb stuff myself, so ... genuinely curious, if you do find some time to explain would certainly appreciate whatever additional insight you can share.
There are no winners in posting on a forum on Saturday morning!
Isn't Saturday morning the time for little league, etc? Where is that competitive spirit?
Sunday morning is far worse in Canada.
All the boys and gals smell like rotten fish here on Sunday morning.
https://lmgtfy.com/?q=why+port+22+is+bad
Roger that, DO is filled with Indian spam emailers using multiple IPs and hard to catch
smh ... so - true story - I plugged that search query "why port 22 is bad" into DDG just now ...
first result:
https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/
point being - opinions are like assholes. The internet is full of them.
if you get a chance, could you maybe point me to a link reflecting your chosen one? (plz no goatse)
Or just put it in a nutshell for me - if it's that obvious the slightest clue will probably do.
I'm a shit-poster, not a mind-reader!
Am confuse. Please advice.
Changing from port 22 serves only to reduce the number of automated attempts against your server. It can save small amounts of disk space as there may be less logs as a result. It provides no increase in security.
Not opinion, facts. But we all know that, this is a time honored LET topic.
I use 22 everywhere, idiot checking in
It's easier said than done and it's not that simple. sshd gets started at boot. So if it's listening on port 2222, how could another script also listen on that port? Furthermore, upon connecting to a server with a wrong signature, any decent ssh client would error out and quit or at least give a warning. Even on the first time connecting, it would ask for sig verification.
If you are ignorant enough to use passwords on SSH connections you have much bigger problems than this.
Moving sshd to a non-standard port saves CPU cycles from having to deal with brute-force attacks. Better yet, run SSH over wireguard.
It's not dead, it's mostly automated because the number of incidents has increased exponentially, and it's not feasible anymore for a person to inspect each incident. Replies are slow and mostly provided only when required by law, or in case serious incidents happen (e.g. child pornography). Having your ports probed in 1-2 hours after you power on your server is something normal these days.
Changing the SSH port is fine, or at least restricting access to port 22 to certain sources is a good thing and there are no strong arguments against it.
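The distinction argued in this thread (a port change only cuts automated attempts and log volume, while password logins are the real exposure) can be checked mechanically. The sketch below is an added example, not code from any poster: the function names and both sample configs are constructed for illustration, and it reads only the global section of an sshd_config, relying on OpenSSH keeping the first value it obtains for a keyword and defaulting to Port 22 and PasswordAuthentication yes.

```python
# Added example: separate "log noise" settings from real access controls in sshd_config.
# Both samples below are constructed for illustration, not taken from a real host.
NOISY_ONLY = """\
# moved off 22, but passwords still allowed
Port 2222
PasswordAuthentication yes
# ignored by sshd: the first value obtained for a keyword is the one used
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""
KEYS_ON_22 = """\
Port 22
PasswordAuthentication no
"""

# OpenSSH defaults that apply when a keyword is absent
DEFAULTS = {"port": ["22"], "passwordauthentication": "yes"}

def parse_global(text):
    """Parse the global section: first value wins, except Port, which may repeat."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # per-user/host overrides are out of scope here
            break
        if len(parts) < 2:
            continue
        if key == "port":
            settings.setdefault("port", []).append(parts[1])
        else:
            settings.setdefault(key, " ".join(parts[1:]))
    return settings

def audit(text):
    """Return findings; a port change is reported as noise reduction, not protection."""
    cfg = {**DEFAULTS, **parse_global(text)}
    findings = []
    if cfg["passwordauthentication"].lower() == "yes":
        findings.append("password logins enabled: guessable on any port")
    if "22" not in cfg["port"]:
        findings.append("non-default port: fewer automated attempts logged, no added protection")
    return findings

if __name__ == "__main__":
    for name, cfg in (("NOISY_ONLY", NOISY_ONLY), ("KEYS_ON_22", KEYS_ON_22)):
        print(name, audit(cfg))
```

On a real host, `sshd -T` prints the effective configuration, which also accounts for Match blocks that this sketch skips.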