On Mon, Oct 26, 2009 at 23:54, David Suhendrik wrote:
> For more security, only allow ssh access from the intranet or by VPN.
> CMIIW
Not a bad suggestion. It's somewhat more heavyweight and restrictive,
but if you're paranoid enough to worry about 0-day OpenSSH server
exploits, this could help you sle
http://www.iana.org/assignments/port-numbers
See an unassigned port, and you should use it.
For more security, only allow ssh access from the intranet or by VPN.
CMIIW
Regards,
David
./nobody
Michael Kress wrote:
> ML wrote:
On 10/26/2009 07:41 PM, Michael Kress wrote:
> ML wrote:
>
>> So I added Port 2977 Under Host *
>>
>> So I have:
>> Host *
>> Port 2977
>>
>>
> Never post your real port number here. Otherwise you don't need to hide
> it from the public. Right? ;-)
>
I'm not sure if this is a serious
ML wrote:
> So I added Port 2977 Under Host *
>
> So I have:
> Host *
> Port 2977
>
Never post your real port number here. Otherwise you don't need to hide
it from the public. Right? ;-)
Regards
Michael
--
Michael Kress, kr...@hal.saar.de
___
Cen
2009/10/25 Les Mikesell :
> Gilbert Sebenste wrote:
>> On Sat, 24 Oct 2009, Philip Gwyn wrote:
>>
>>> On 24-Oct-2009 Oliver Ransom wrote:
I don't think there are any ramifications/disadvantages of running the
SSH daemon on a non standard port.
>>
>> Unless I want to sftp. It always looks
ML wrote:
> Hi all,
>
> With my new firewall in place, it has opened my eyes to how much
> traffic gets blocked in a single day and also what are the most active
> rules. I get *a lot* of requests for port 22.
>
> How does one switch ssh ports? What is a good port to use? What
> ramifications
On Sunday 25 October 2009 03:06:58 pm Ned Slider wrote:
> The SSH daemon runs as an unconfined service in SELinux (at least on
> RHEL4 and 5), so SELinux has no effect on SSH. Same as a bash shell runs
> unconfined.
Thanks Ned! That's it. I missed the following check:
# ps -eZ | grep sshd
root
Jorge Fábregas wrote:
> Hello everyone,
>
> Now after the recent discussion on running SSH on a different port, I
> decided
> to start a new thread but with SELinux involved.
>
> Assuming that you have SELinux enabled, and that you changed the default port
> for SSHD, let's say to 1234, when I
Hello everyone,
Now after the recent discussion on running SSH on a different port, I decided
to start a new thread but with SELinux involved.
Assuming that you have SELinux enabled, and that you changed the default port
for SSHD, let's say to 1234, when I restart SSHD I don't get any AVC denia
Gilbert Sebenste wrote:
> On Sat, 24 Oct 2009, Philip Gwyn wrote:
>
>> On 24-Oct-2009 Oliver Ransom wrote:
>>> I don't think there are any ramifications/disadvantages of running the
>>> SSH daemon on a non standard port.
>
> Unless I want to sftp. It always looks for port 22; if I do:
>
> sftp S
On Sat, 24 Oct 2009, Benjamin Donnachie wrote:
> 2009/10/24 Gilbert Sebenste :
>> It will deny me if SERVER is anything but port 22. Doing a man sftp yields
>> no help on how to solve that. Any ideas?
>
> From memory, try -o Port=222
>
> Ben
Thanks to all who responded. That's what I was looking
2009/10/24 Gilbert Sebenste :
> It will deny me if SERVER is anything but port 22. Doing a man sftp yields
> no help on how to solve that. Any ideas?
From memory, try -o Port=222
Ben
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mai
On Sat, 24 Oct 2009, Philip Gwyn wrote:
> On 24-Oct-2009 Oliver Ransom wrote:
>> I don't think there are any ramifications/disadvantages of running the
>> SSH daemon on a non standard port.
Unless I want to sftp. It always looks for port 22; if I do:
sftp SERVER
It will deny me if SERVER is any
On 24-Oct-2009 Oliver Ransom wrote:
> I don't think there are any ramifications/disadvantages of running the
> SSH daemon on a non standard port.
Running sshd on a non-standard port is highly useful; I always have 2
separate sshd instances. One on 22 and one on 222. This way, if I muck up a
>>> I then did: service sshd restart
>>>
>>>
>>
>
>
>> Have you restarted the ssh daemon after changing the config file?
>>
>
> Ooops, I really need to not post to the mailing list when I am tired.
>
> My second question still stands, Also, have you run nmap on your
> host to
> verify that the
> >
> > I then did: service sshd restart
> >
> >
>
> Have you restarted the ssh daemon after changing the config file?
>
Ooops, I really need to not post to the mailing list when I am tired.
My second question still stands, Also, have you run nmap on your host to
verify that the port is
On Sat, 2009-10-24 at 07:17 -0700, ML wrote:
> >>> In /etc/ssh/sshd_config replace "port 22" with "port >>> port
> >>> (> 1024) you like>"
> >>>
> >>> Then configure your ssh clients accordingly.
> >>
> >> So I added Port 2977 Under Host *
> >>
> >> So I have:
> >> Host *
> >> Port 2977
> >>
> >>
As mentioned previously, requiring certificates, and not allowing
interactive logins, is safest.
But even if you decide to allow interactive logins, there are things
you SHOULD do.
Disable admin/root login.
Update sshd so that only named users can login via SSH, all other
users that might
>>> In /etc/ssh/sshd_config replace "port 22" with "port >> port
>>> (> 1024) you like>"
>>>
>>> Then configure your ssh clients accordingly.
>>
>> So I added Port 2977 Under Host *
>>
>> So I have:
>> Host *
>> Port 2977
>>
>> I rebooted and I get a connection refused now when I try to connect.
>
On 25/10/2009, at 12:10 AM, ML wrote:
>
>>> How does one switch ssh ports? What is a good port to use? What
>>> ramifications does it have when I need to ssh in? Is it as simple as
>>> ssh u...@hots:port?
>>>
>>
>> In /etc/ssh/sshd_config replace "port 22" with "port > port
>> (> 1024) you like>"
ML wrote:
>>> How does one switch ssh ports? What is a good port to use? What
>>> ramifications does it have when I need to ssh in? Is it as simple as
>>> ssh u...@hots:port?
>>>
>> In /etc/ssh/sshd_config replace "port 22" with "port > port
>> (> 1024) you like>"
>>
>> Then configure your ssh clie
Mark,
> One more thing - you might want to look at authfail. After a number
> of attempts
> to log in, it will add firewall rules to block that IP address.
Thanks for the advice!
I will google it.
-ML
Ned,
> Pretty much everything you need to know about SSH is on the Wiki here:
>
> http://wiki.centos.org/HowTos/Network/SecuringSSH
>
> Why don't people use the Wiki? These same topics come up over and over
> again, and no one ever refers to the resources available on the Wiki?
Thanks for the lin
One more thing - you might want to look at authfail. After a number of attempts
to log in, it will add firewall rules to block that IP address.
mark
Stephen Wong wrote:
> Change the port statement in /etc/ssh/sshd_config and restart sshd
>
> Alternatively, you can make a port direction on your firewall, say,
> from TCP port 1234 to internal IP 22. Then, you don't need to change
> the server config.
One thing to consider: an attacker with a c
> Pretty much everything you need to know about SSH is on the Wiki here:
>
> http://wiki.centos.org/HowTos/Network/SecuringSSH
>
> Why don't people use the Wiki? These same topics come up over and over
> again, and no one ever refers to the resources available on the Wiki?
I don't think it is well
>> How does one switch ssh ports? What is a good port to use? What
>> ramifications does it have when I need to ssh in? Is it as simple as
>> ssh u...@hots:port?
>>
>
> In /etc/ssh/sshd_config replace "port 22" with "port port
> (> 1024) you like>"
>
> Then configure your ssh clients accordingly.
ML wrote:
> Hi all,
>
> With my new firewall in place, it has opened my eyes to how much
> traffic gets blocked in a single day and also what are the most active
> rules. I get *a lot* of requests for port 22.
>
> How does one switch ssh ports? What is a good port to use? What
> ramificatio
Change the port statement in /etc/ssh/sshd_config and restart sshd
Alternatively, you can make a port direction on your firewall, say,
from TCP port 1234 to internal IP 22. Then, you don't need to change
the server config.
My 2 cents.
Stephen WONG @ Hong Kong
On Sat, Oct 24, 2009 at 9:23 PM,
On 24/10/2009, at 11:40 PM, Miguel Medalha wrote:
>
>> How does one switch ssh ports? What is a good port to use? What
>> ramifications does it have when I need to ssh in? Is it as simple as
>> ssh u...@hots:port?
>>
>
> In /etc/ssh/sshd_config replace "port 22" with "port port
> (> 1024) you li
On 24/10/2009, at 11:26 PM, ML wrote:
> Hi all,
>
> With my new firewall in place, it has opened my eyes to how much
> traffic gets blocked in a single day and also what are the most active
> rules. I get *a lot* of requests for port 22.
Look in /etc/ssh/sshd_config
You can specify the port the
> How does one switch ssh ports? What is a good port to use? What
> ramifications does it have when I need to ssh in? Is it as simple as
> ssh u...@hots:port?
>
In /etc/ssh/sshd_config replace "port 22" with "port 1024) you like>"
Then configure your ssh clients accordingly.
I was havin
On Sat, 2009-10-24 at 05:56 -0700, ML wrote:
> Hi all,
>
> With my new firewall in place, it has opened my eyes to how much
> traffic gets blocked in a single day and also what are the most active
> rules. I get *a lot* of requests for port 22.
>
> How does one switch ssh ports? What is a goo
Hi all,
With my new firewall in place, it has opened my eyes to how much
traffic gets blocked in a single day and also what are the most active
rules. I get *a lot* of requests for port 22.
How does one switch ssh ports? What is a good port to use? What
ramifications does it have when I nee
34 matches