dhis2-devs team mailing list archive

Re: interesting article on ssh port numbers

 

Some interesting thoughts but I wouldn't buy his main argument (I've read
it before).  The last comment by 'Dicer' is important.  Of course your sshd
can be discovered (using nmap or the like) but it takes a little time.
Time which is generally more profitably spent hunting down the next port 22
listener.

For the "annoying" -P problem of scp (and other programs like rsync) which
expect ssh on port 22, that's what ~/.ssh/config is for :-)  See
http://nerderati.com/2011/03/17/simplify-your-life-with-an-ssh-config-file/
for example.

Having said that, it's really important to know that shifting the port is one
of a number of measures, not a solution in itself - the more important
being disabling root access and password authentication.

Port knocking is clever .. used to do this on SA gov periphery firewalls.
Haven't really bothered in recent times, but maybe something to consider in
these turbulent times.

Meanwhile I continue to shift my ssh port and encourage others to do the
same :-)

Cheers
Bob

On 28 September 2014 17:09, Lars Helge Øverland <larshelge@xxxxxxxxx> wrote:

> "Why putting ssh on another port than 22 is a bad idea":
>
>
> https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/
>
> Lars

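An added example, not part of the thread or of the linked article: a small Python check that reads an sshd_config and reports which of the three measures named in the reply above (non-default port, root login disabled, password authentication disabled) are missing. The function names and the sample config are constructed for illustration; the defaults assume OpenSSH 7.0 or later, and Include files and Match blocks are not evaluated.

```python
# Added example: checks the global section of an sshd_config for the
# measures named in the message. Defaults assumed: OpenSSH 7.0 or later.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}

def parse_global(text):
    """Return (ports, settings) for directives before the first Match block."""
    ports, settings = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()                      # keywords are case-insensitive
        val = parts[1].strip('"').lower() if len(parts) > 1 else ""
        if key == "match":
            break          # simplification: conditional blocks are not evaluated
        if key == "port":
            ports.append(int(val))                  # Port may be given several times
        else:
            settings.setdefault(key, val)           # first value obtained wins
    return ports or [22], settings

def audit(text):
    """List which of the three measures are missing."""
    ports, settings = parse_global(text)
    eff = {k: settings.get(k, d) for k, d in DEFAULTS.items()}
    findings = []
    if 22 in ports:
        findings.append("sshd listens on port 22")
    if eff["permitrootlogin"] != "no":
        findings.append(f"root login not disabled (PermitRootLogin {eff['permitrootlogin']})")
    if eff["passwordauthentication"] != "no":
        findings.append("password authentication enabled")
    return findings

# Constructed sample: the second PasswordAuthentication line has no effect.
SAMPLE = """\
Port 2222
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

The sample moves the port and disables root login but is still flagged, because sshd uses the first value it obtains for a keyword and the later `PasswordAuthentication no` is ignored.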