[NCLUG] openssh

Michael Dwyer mdwyer at sixthdimension.com
Tue Jan 15 15:59:46 MST 2002


Mike Loseke wrote:
> 
>  Just a question for all them folks what am smarter den me...
> 
>  Would running sshd on a port other than 22 help at all in the known SSH
> exploits? I happen to run mine on a much different port and haven't seen
> much except the occasional reverse mapping failure.

You may slow down the problem, but you will not stop a determined system
attack.  For what it is worth, automated tools are searching the *known*
SSH, lpd, portmap, ftp, etc ports for programs to exploit.  If you run
on an alternate port, they usually will not find them unless they take
the time to do a full portscan of your machine.  And full portscans are
not normally done unless one person has a particular vendetta against
you.

If someone DOES do a full portscan, they will find the alternate port
almost immediately -- and by simply telnetting to it, they will see the
good ol' SSH banner, and will know what to use to attack that port.

This is "security by obscurity", and while it works for a while,
security people will look down their noses at you and shake their heads.

It's the same as sticking burglar alarm stickers on your house.  Sure,
they will stop the casual burglar, but if someone actually wants in your
house, they *will* get it.
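
The banner point in the reply above, as an added example that is not part of the original message: an SSH server sends its identification string first (RFC 4253, section 4.2), so the service is recognizable on any port. The loopback listener, its port and the "ExampleSSHD_1.0" banner are constructed stand-ins for a real sshd.

```python
import re
import socket
import threading

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

def parse_ssh_banner(line):
    """Return the banner fields if line is an SSH identification string, else None."""
    m = BANNER_RE.match(line.rstrip("\r\n"))
    return m.groupdict() if m else None

def read_banner(host, port, timeout=3.0, max_lines=10):
    """Connect, send nothing, and return the first 'SSH-' line the service offers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        for _ in range(max_lines):  # a server may send other lines before the banner
            line = f.readline(256).decode("ascii", "replace")
            if not line or line.startswith("SSH-"):
                return line
    return ""

def demo_listener(banner):
    """Constructed stand-in for sshd: loopback listener on an OS-chosen port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

def demo():
    """Start the stand-in on a non-22 port and identify it purely from its banner."""
    port = demo_listener(b"SSH-2.0-ExampleSSHD_1.0 constructed\r\n")
    return port, parse_ssh_banner(read_banner("127.0.0.1", port))

if __name__ == "__main__":
    print(demo())
```

Pointing read_banner at the alternate port of a host you administer shows exactly what the listener announces there.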


