Jaime Santos wrote:
Hi again,
If someone is using a script to probe port 22 of random machines, probably it does make sense to attach the ssh server to some other port. But your users will have to be warned that they have to explicitly name such a port when trying to log in remotely. Furthermore, an nmap search for open ports can always reveal the services which are available, but this is a directed attack. Given the nuisance (such a strategy is essentially security via obscurity), I think it isn't worth doing it.
I think it's a very good idea to place ssh on a very high port. I'm running it on one and actually NEVER had anyone finding out the correct port. If they wanted to know they have to scan for a looong time which generates LOTS of logs...... And then it's probably best to only allow a specific user so it gets extremely hard to even find out the USER, not even speaking of the pass....

Matt