Mailinglist Archive: opensuse (3513 mails)

< Previous Next >
Re: [opensuse] Slow SSH, well sort of...
  • From: Verner Kjærsgaard <vk@xxxxxxxxxxxxx>
  • Date: Sun, 11 Jan 2009 10:37:47 +0100
  • Message-id: <4969BDEB.7070101@xxxxxxxxxxxxx>

David C. Rankin skrev:
Matthias Bach wrote:

Am Samstag 10 Januar 2009 schrieb Verner Kjærsgaard:
I takes a looooooooooong time to log in. Once in, anything typed echoes
back as expected, for example "l" to get a directory listing. But - the
listing itself takes 10 - 15 seconds to emerge.
Is the server publically reachable? In my experience having SSH reachable via port 22 can make the server pretty much stall due to the massive amount of login attempts carried out by drones.


That is why I STRONGLY suggest moving ssh to a high port in the 5000 to
range. There will be zero script kiddie login attempts from APNIC.

The process is simple:

(1) look at /etc/services and find an _open_ port where ever you want to move
ssh to;

(2) edit /etc/ssh/sshd_config and uncomment the port option and change the port

Port 8687

(3) to make the port change transparent to your users just specify the port
change in the system-wide config file '/etc/ssh/ssh_config' or if you only want
some users to have ssh access, then specify the change in the per user config
file '~/.ssh/config'. (see man ssh) The format is simply 'Host' and 'Port' on
separate lines like:

17:25 ecstasy:~> cat .ssh/config
Host alchemy
Port 22
Host arete
Port 22
Host ecstasy
Port 8687

Everything that uses ssh ( like fish://, scp, rsync, etc. ) will
use the new port if you create the config file. As above, you need to specify
those hosts that are still on port 22 as well. Otherwise, the box will default
to trying ssh connections on its new default high port.

Now your annoying little login attempts that fill up your log files are
thing of the past ;-)

- thanks. Taken into serious consideration.
- and written into my knowledge base :-)

Med venlig hilsen/Best regards
Verner Kjærsgaard
Open Source Academy
+45 56964223

Novell Certified Linux
Professional 10035701
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >