[ Date Index ]
[ Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Re: [LUG] Why you should not have ssh on port 22.
- To: list <list@xxxxxxxxxxxxx>
- Subject: Re: [LUG] Why you should not have ssh on port 22.
- From: simon@xxxxxxxxxxxxxx
- Date: Tue, 10 Feb 2015 21:28:20 +0300
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1412586362; h=Sender:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:References:In-Reply-To:Message-ID:Date:MIME-Version:To:From; bh=kg4F23EbgNkZE3BsnGablk7pG0P7lIddAw8LWPw8mq8=; b=YMUTZjKXTYQ/mqwGaZ8obQCvpIwxjnvEK4PkyFiXqmy61ofYhfQRwSqmKb7rswXlTCJPg0aK1zTFEXLWjefRFIIFuRZZKELzfcubk+0fGw3o4h6blsbkj6CQ3TNt/Betlg9ElG2FFKD0Qx2LKr6DK+h7pnK16VWIZ5POmj19Rmc=;
Root port issue is a bit of a red herring.
You identify SSH servers by the server fingerprint, if this has changed either it's been reinstalled or hacked. This applies whichever port it runs on.
The only issue with higher port numbers is something could bind to the port before ssh starts thus disabling your access.
The biggy in my view is avoiding version 1 of the protocol, but probably showing my age by even mentioning it.
Key management is also a pain, almost everyone does it badly.
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
