imthenachoman
commented
3 years ago If they scan for open ports they will still find it open. I don't know how much value there is in hiding the port. Something like a port knocker might help.
Closed MoeT-collab closed 3 years ago
imthenachoman
commented
3 years ago If they scan for open ports they will still find it open. I don't know how much value there is in hiding the port. Something like a port knocker might help.
iyesin
commented
3 years ago @imthenachoman, As person, operating 100s of servers in production, I would say, that switching default ssh port from 22 to something high-port (1024+) have huge impact. The frequency of password-bruteforcing-attempts (all unsuccessful due to disabled password auth) drops from tens-per-second to singles per minute. Port-knocking or web-knocking reducing this numbers to zero, of course.
initiateit
commented
3 years ago @iyesin If you specify a port below 1024 you prevent unprivileged processes from binding to it and impersonating it.
sbrl
commented
3 years ago @iyesin: Indeed - but it's worth noting that things like moving the ssh port is perhaps best presented as a way to reduce computational load and annoying messages /var/log/auth.log, rather than a real security measure.
hellresistor
commented
3 years ago I can sure, with own exp, using ssh default port (22), on some VPS's you will automatic get bots bruteforcing the 22 port .... Same way if you want use default port. disable passwords authentication and set a ssh keyfile ;)
https://gist.github.com/hellresistor/108d965b32a907558ed101e9a0f4326c
On the SSH server config, it is always a good practice to change the TCP port value from 22 to a random one (example 6222). This will help avoid bad actors randomly scanning for open default ports.
Then the new SSH port should be allowed in through UFW.