Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Change the default SSH server port on 10.3' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Change the default SSH server port on 10.3
Authored by: raveldcp on Jun 10, '04 12:58:03PM

This is *such* a bad idea. Modifying /etc/services should not be taken lightly. Any upgrades to the system will potentially break this. The safest, and standard Unix way, is to change the sshd_config file found in /etc

Look for the

#Port 22

and change it to the new port you want to use. It won't prevent port scanners, but does provide a certain level of obfuscation.



[ Reply to This | # ]
Change the default SSH server port on 10.3
Authored by: valkraider on Jun 11, '04 12:21:36AM

Lets see if I can do this without being too inflamitory... (It's just a discussion after all)...

If the only reason that changes in /etc/services are bad simply because an upgrade might break them, then for crying out loud - don't customize your computer at all. LOTS of upgrades have broken LOTS of stuff - ESPECIALLY when it comes to SSH and things like Apache and Firewall configs and stuff like that....

I have not *yet* seen any *good* reasons why people say not to use /etc/services .

And, in the original hint, I specify that changing the port value in /etc/sshd_config ONLY WORKS IF YOU INVOKE SSHD MANUALLY. When Panther invokes sshd it does so using xinetd - and the value in /etc/sshd_config is ignored. Again, I do not want to debate the merit of xinetd, I simply need to know the best way to change the port, and to help others do the same.



[ Reply to This | # ]
Change the default SSH server port on 10.3
Authored by: mweissen on Jun 11, '04 07:19:36AM

I have not *yet* seen any *good* reasons why people say not to use /etc/services .

OK. Open a Terminal window and try to SSH to any other computer. You should fairly quickly see a perfectly good reason not to edit /etc/services.

It's all about namespaces. Conventions, standards, nomenclature, terminology. If you change names or numbers in the /etc/services file, you're effectively crippling your own computer's ability to talk to others on the Internet, and Things Will Break(TM). The fact that making this change also happens to solve your pet problem on this particular operating system is just one unfortunate side effect.

By the way, you can reset the outgoing SSH port to 22 by editing the /etc/ssh_config file. This could be considered kludging the broken setup, though.

--Bud



[ Reply to This | # ]