On Saturday 10 January 2009 23:30:21 David C. Rankin wrote:
Matthias Bach wrote:
Hi!
On Saturday 10 January 2009, Verner Kjærsgaard wrote:
It takes a looooooooooong time to log in. Once in, anything typed echoes back as expected, for example "l" to get a directory listing. But - the listing itself takes 10 - 15 seconds to emerge.
Is the server publicly reachable? In my experience having SSH reachable via port 22 can make the server pretty much stall due to the massive amount of login attempts carried out by drones.
Regards, Matthias
That is why I STRONGLY suggest moving ssh to a high port in the 5000 to 7000 range. There will be zero script kiddie login attempts from APNIC.
The process is simple:
(1) look at /etc/services and find an _open_ port wherever you want to move ssh to;
(2) edit /etc/ssh/sshd_config and uncomment the port option and change the port number:
Port 8687
(3) to make the port change transparent to your users just specify the port change in the system-wide config file '/etc/ssh/ssh_config' or if you only want some users to have ssh access, then specify the change in the per user config file '~/.ssh/config'. (see man ssh) The format is simply 'Host' and 'Port' on separate lines like:
    17:25 ecstasy:~> cat .ssh/config
    #
    ## 3111skyline.com
    #
    Host alchemy.3111skyline.com alchemy
    Port 22
    Host arete.3111skyline.com arete
    Port 22
    Host ecstasy.3111skyline.com ecstasy
    Port 8687
Everything that uses ssh ( like fish://, scp, rsync, etc. ) will automatically use the new port if you create the config file. As above, you need to specify those hosts that are still on port 22 as well. Otherwise, the box will default to trying ssh connections on its new default high port.
Now your annoying little login attempts that fill up your log files are a thing of the past ;-)
I know you've mentioned this before, David, but I probably wasn't paying enough attention. If I put similar lines to the above into my '/etc/ssh/ssh_config' file, then a remote user who has his public key in an 'authorized_keys' file here, who does a simple ssh to my_WLAN_IP, will get through without having to do 'ssh -p 8687 my_WLAN_IP'? Have I got this right?

YaB (Yet Another Bob)
--
Registered Linux User #463880 FSFE Member #1300
GPG-FP: A6C1 457C 6DBA B13E 5524 F703 D12A FB79 926B 994E
openSUSE 11.1, Kernel 2.6.27.7-9-default, KDE 3.5.10
Intel Core2 Quad Q9400 2.66GHz, 4GB DDR RAM, nVidia GeForce 9200GS
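
Added example, not written by anyone in this thread: a small Python resolver for the Host/Port subset of ssh_config, run against a constructed copy of the per-user config quoted above. It shows which port the ssh client on the connecting machine picks for the name typed on its command line. The names `resolve_port` and `host_matches` are made up for this example, `Match` blocks are not handled, and 192.0.2.10 is a documentation address standing in for an unlisted host.

```python
import fnmatch

# Constructed sample mirroring the ~/.ssh/config shown in the thread.
SAMPLE_CONFIG = """\
#
## 3111skyline.com
#
Host alchemy.3111skyline.com alchemy
Port 22
Host arete.3111skyline.com arete
Port 22
Host ecstasy.3111skyline.com ecstasy
Port 8687
"""

def host_matches(patterns, name):
    """A Host line applies if a positive pattern matches and no '!' pattern does."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(name, p) for p in negated):
        return False
    # Simplification: fnmatch also accepts [..] sets; ssh only knows '*' and '?'.
    return any(fnmatch.fnmatchcase(name, p) for p in positive)

def resolve_port(config_text, name, default=22):
    """Port the client would use for `name` exactly as typed on the command line."""
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Port=22" is also valid syntax
        if not parts:
            continue
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "host":
            active = host_matches(args, name)
        elif keyword == "port" and active and args:
            return int(args[0])  # the first value obtained for an option wins
    return default  # no applicable Port line: the client falls back to 22

if __name__ == "__main__":
    for target in ("alchemy", "ecstasy", "ecstasy.3111skyline.com", "192.0.2.10"):
        print(target, resolve_port(SAMPLE_CONFIG, target))
```

Because the first obtained value wins, a catch-all `Host *` block carrying the high port has to come after the entries for hosts that stay on port 22.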