On 2021-03-04 12:00 p.m., James Knott wrote:
> On 2021-03-04 11:53 a.m., Adam Majer wrote:
>> If you want to have a quiet life for SSH admin only connections, limit to some IPv6 address unique for SSH. Then you don't have to worry about high ports. It will be quiet.
> I don't know what you mean by unique for ssh but, with privacy addresses, the address used for outgoing connections is not the same as the one used for incoming. There is one consistent address, often based on the MAC address, and up to seven temporary privacy addresses, with a new one every day. There's no way anyone could determine the ssh server address from any privacy address. The best they could do is narrow(?) it down to 1 in 18.4 billion, billion.
Another thing you could do is use a different /64 for your servers. For example, I get a /56 prefix from my ISP. This means I have 256 /64s. Others provide a /48 for 65536 /64s. Just pick one different from your outgoing connections.
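
The subnet arithmetic from this thread, as an added Python example (not code from either poster): it counts the /64s in a delegated prefix, picks a separate /64 for servers, and flags outgoing source addresses that would give away the server subnet or a MAC-derived interface ID. The 2001:db8::/32 documentation prefix, the subnet index 0x42 and the function names are assumptions made for illustration.

```python
import ipaddress

IID_MASK = 2**64 - 1  # low 64 bits: the interface ID, about 18.4 billion billion values

def count_64s(delegated):
    """Number of /64 networks inside a delegated prefix such as a /56 or /48."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("prefix is longer than /64")
    return 2 ** (64 - net.prefixlen)

def nth_64(delegated, index):
    """Return the index-th /64 of the delegated prefix without enumerating them all."""
    net = ipaddress.IPv6Network(delegated)
    if not 0 <= index < count_64s(delegated):
        raise ValueError("subnet index outside the delegated prefix")
    return ipaddress.IPv6Network((int(net.network_address) + (index << 64), 64))

def is_eui64(addr):
    """True if the interface ID has the ff:fe filler of a MAC-derived (EUI-64) address."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    return (iid >> 24) & 0xFFFF == 0xFFFE

def audit_outgoing(sources, server_net):
    """Map each risky outgoing source address to the reasons it is risky."""
    findings = {}
    for src in sources:
        reasons = []
        if ipaddress.IPv6Address(src) in server_net:
            reasons.append("shares the server /64")
        if is_eui64(src):
            reasons.append("stable MAC-derived interface ID")
        if reasons:
            findings[src] = reasons
    return findings

# Constructed sample data (documentation prefix, not real hosts).
DELEGATED = "2001:db8:1200::/56"
SERVER_NET = nth_64(DELEGATED, 0x42)          # /64 reserved for servers (assumed index)
OUTGOING = [
    "2001:db8:1200:0:3c5a:91e2:7b04:d6f8",    # temporary privacy address on the client LAN
    "2001:db8:1200:0:211:22ff:fe33:4455",     # MAC-derived address on the client LAN
    "2001:db8:1200:42:8d1f:60aa:19c3:e702",   # client traffic sourced from the server /64
]

if __name__ == "__main__":
    print(count_64s(DELEGATED), "x /64 available; servers use", SERVER_NET)
    for addr, why in audit_outgoing(OUTGOING, SERVER_NET).items():
        print(addr, "->", ", ".join(why))
```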