[vox-tech] Why change default ssh port?

Rick Moen rick at linuxmafia.com
Fri Jun 16 18:26:00 PDT 2006


Quoting Ryan (cjg5ehir02 at sneakemail.com):

> SSH is very easy to configure client-side to default to different ports for 
> different hosts, and that is a one-time operation (you don't use SSH from 
> untrusted hosts, do you?[1]).

;->  

I have cautionary anecdotes I could give you, about compromise of the
$COMPANY corporate network (but not of my own machines) because some
nitwit $COMPANY sysadmin ssh'd out to shells.sourceforge.net^W^W^W^W^W
some public Internet host that had been compromised, and then ssh'ed or
scp'ed back in.

And then there was another possibly recognisable but carefully unnamed
Linux firm where I was chief sysadmin but greatly distrusted the Chief
Technical Officer (with good reason), and therefore bought a used laptop
that I _always_ used for encrypted communication, in order to ensure
integrity of both ends (because I had reason to doubt the integrity of my
company-issued workstation).


But it's possible that you're missing my point:  I'm _not_ saying it's
difficult to use a variety of ports.  I'm saying (among other points)
that it's beneath my dignity to hide my Internet presence from script
kiddies, bots, spammers, enterprising Nigerians, etc., and that I have
better and more dignified ways of making them vanish into deserved
obscurity.


> And I do want to know about any cracking attempts, but at the same
> time I want to reduce the volume of them that get to talk to my
> server.  

Alternative approach:  Use superior technology so you don't have to
care, regardless of volume.


> Likewise, I make my email addresses hard to come by 
> because that is easier than dealing with large volumes of spam.

I use a third alternative:  effective technical measures at my MTA.

Again, I'll be damned if I'll ever be driven away from having a fully
public Internet presence.  We were here first, and we're better at this
than they are.  

I'm glad your approach works for you.  I'm just explaining mine.

(Linux Gazette obscures my e-mail address on its roster of editors, but
that's against my mild objection to the practice.  I don't raise a fuss
because it'd create unjustifiable work to remove the munging from my
address alone -- but Ben Okopnik, the editor in chief, is aware of my 
opinion, and appreciates my not insisting.)

