[CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread Theodor Sigurjon Andresson
In there you are almost telling people that security through obscurity is a good way. That might sometimes be true but in this case it could mean that you would be handing passwords and other data out. When you start SSH on port 22 it is done with root privileges because the root user is the

Re: [CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread Karsten Wade
On 10/02/2014 03:45 PM, Theodor Sigurjon Andresson wrote: In there you are almost telling people that security through obscurity is a good way. That might sometimes be true but in this case it could mean that you would be handing passwords and

Re: [CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread Theodor Sigurjon Andresson
To change it to an unassigned privileged port would be a much better idea if the user insists on changing it. I personally don't like the idea of security through obscurity at all. However if I remember correctly there are some programs that depend on SSH to be run on port 22. Usually easily

Re: [CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread PJ Welsh
The context for ssh !22 is about what others could/would do to an ssh daemon. This includes script kiddies or some zero day exploit trolling for *easy* targets. If you have someone creating a listener on the server, you have an entirely different issue. How often do you randomly connect to some

Re: [CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread Theodor Sigurjon Andresson
Yes, when securing your services you *layer* defenses that could include using STO. But when STO is set up in a wrong way it can lead to a security issue. It isn't good to protect your services to slow down or prevent an attack by opening up a security risk. As in this case changing the port of

Re: [CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread Manuel Wolfshant
On 10/03/2014 04:17 AM, Theodor Sigurjon Andresson wrote: Yes, when securing your services you *layer* defenses that could include using STO. But when STO is set up in a wrong way it can lead to a security issue. It isn't good to protect your services to slow down or prevent an attack by

Re: [CentOS-docs] CentOS-docs Digest, Vol 95, Issue 2

2014-10-02 Thread 666threesixes666
attachment was scrubbed... URL: http://lists.centos.org/pipermail/centos-docs/attachments/20141002/b47fb1a0/attachment-0001.html -- Message: 5 Date: Fri, 3 Oct 2014 01:17:09 + From: Theodor Sigurjon Andresson theodors...@kvenno.is To: Mail list for wiki articles centos

Re: [CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread Karsten Wade
On 10/02/2014 04:47 PM, Theodor Sigurjon Andresson wrote: To change it to an unassigned privileged port would be a much better idea if the user insists on changing it. I personally don't like the idea of security through obscurity at all. However if

Re: [CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread Karsten Wade
On 10/02/2014 09:11 PM, Manuel Wolfshant wrote: Incidentally I am a fan of using iptables (recent match) to limit the number of admissible attempts from any given IP to connect to sshd (yes, I know, it has nothing to do with the initial concern