[sllug-members]: SSH question
Matthew Hatch
matthew at azza.com
Thu Apr 17 08:04:17 MDT 2008
I usually leave the server listening on port 22 and just do a port
redirect from incoming port whatever to port 22 on the server. If your
router supports that, it's the easier way to go. Then you only have to
worry about different ports when you're outside of your firewall.
mark.k.spute at l-3com.com wrote:
> Good Morning List
>
> <alert=newbie>
>
> I have a server at home (FC-1) running Bind, Sendmail, Apache, procmail,
> etc. It's my mail and webserver only. I have been getting a large
> number of dictionary attacks on SSH. In excess of 500 per day. I'm
> trying to tightenup my security. I started by changing SSH from
> listening on port 22 to listening on port 3022. I updated both
> SSH.config and SSHD.config to listen on port 3022. I also changed the
> port forwarding on my router to forward port 3022 to the server's IP
> address. After reloading SSHD I tried to log in to my server using
> putty from inside the firewall, and I've tried to login using putty from
> outside the firewall, but I cannot connect.
>
> What am I doing wrong?
>
> Also, I am aware that security by obfuscation is not a good way to lock
> down a server, but it's just the first layer of what I hope will be a
> multi-layer approach.
>
> </alert>
>
> Thanks for listening.
>
> Mark
>
>
> ------------------------------------------------------------------------
>
> ______________________________________________________________________
> See http://www.sllug.org/ for latest SLLUG news, information, links.
> Join SLLUG and other UT LUG members on irc.FreeNode.net channel #Utah
> sllug-members at sllug.org
> http://www.sllug.org/cgi-bin/mailman/listinfo/sllug-members
More information about the sllug-members
mailing list