Change ssh to obscure port
Authored by: buxtor on Feb 11, '05 10:24:07AM

Another method that helped me dodge those attacks (~100+ attacks per day!) is changing the remote login port from 22 to something very obscure, say something with 4-5 digits. (Just be sure that it's a port you don't currently use for anything else.)

The easiest way to do that is to use Port Forwarding in your router like so:
External Port: 8085 --> Internal Port: 22 IP: (your Mac's IP)

This tells the router to send any traffic from 8085 to your Mac on port 22.

That way, portscanners will skip right over the default ssh port of 22. But remember, when you want to login, you have to specify the port as follows:
ssh -p 8085 user@somewhere.com



Change ssh to obscure port
Authored by: kray on Feb 11, '05 11:48:15AM

Exactly what I was going to say (use a different port). In the Linux world changing the sshd_config file does the trick -- in the Mac world it's a little bit more involved (editing /etc/services). I've done this on all my systems and have watched thousands of attempts go un-routed at the firewall.

I like your idea better (for the novice) as I've seen Mac updates re-write my sshd_config and services file on many of the updates (though the last system update [10.3.8] didn't :).

Also changing ssh_config to use a specific port allows you to use ssh "as-is" without the need to always specify the port -- which is nice when you use scp which uses the -P flag and not the -p flag [annoying].

Of course YMMV



Change ssh to obscure port
Authored by: robg on Feb 11, '05 01:12:53PM

Great idea; I'll add that to the body of the main hint tonight. I thought about including the instructions to really re-map sshd's port, but that's a real pain to do (and as the other commenter noted, it can be undone by upgrades).

Thanks;
-rob.



obscure port unaffected by system updates
Authored by: gatorparrots on Feb 13, '05 02:01:11PM
I've been doing this since 10.1 (then the change was simply made in /etc/sshd_config). None of the point updates have undone this change (effected under xinetd in both /etc/services and /etc/xinetd.d/ssh). Apple has seen fit to leave those two files alone through the duration of the point upgrades (10.2-10.2.8, 10.3-10.3.8). Of course, I have done fresh installs of each of the major point releases (10.2, 10.3) and just make the SSH port change as part of my installation routine. In this case, I do indeed believe that there is a lot of peace and rest to be found in "security through obscurity." At least it keeps your server below the radar of the script kiddies and port scanner types.

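An added example, not from any of the commenters above, covering two points raised in the thread: kray's note that a client-side ssh_config entry lets plain ssh and scp work without -p / -P, and the worry (kray, robg, gatorparrots) that a system update might rewrite sshd_config. It assumes a current OpenSSH where sshd reads its port from sshd_config rather than the xinetd setup gatorparrots describes; the sshd_config content, the alias "somewhere" and the port 8085 are constructed for the example.

```shell
#!/bin/sh
# Added example: work out which port sshd will really listen on from an
# sshd_config, then emit the matching ~/.ssh/config Host block so that
# "ssh somewhere" and "scp file somewhere:" need no port flag at all.
# OpenSSH rule: for each keyword the FIRST uncommented value wins, so a
# "Port 22" appended by an update does not undo an earlier "Port 8085",
# but one inserted above it would. Checking the effective value catches both.

# Print the effective Port from the sshd_config given as $1 (22 if unset).
# Keywords are case-insensitive and may be followed by whitespace or '='.
sshd_effective_port() {
    _port=$(sed -n 's/^[[:space:]]*[Pp][Oo][Rr][Tt][[:space:]=]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1" | head -n 1)
    printf '%s\n' "${_port:-22}"
}

# Emit a client-side Host block: alias $1 -> host $2 on port $3.
ssh_client_block() {
    printf 'Host %s\n    HostName %s\n    Port %s\n' "$1" "$2" "$3"
}

# Constructed sample: an update appended a second Port line; the first wins.
SAMPLE_SSHD_CONFIG=$(mktemp)
cat > "$SAMPLE_SSHD_CONFIG" <<'EOF'
# sshd_config (constructed sample for this example)
#Port 22
Port 8085
ListenAddress 0.0.0.0
Port 22
EOF

PORT=$(sshd_effective_port "$SAMPLE_SSHD_CONFIG")   # -> 8085
ssh_client_block somewhere somewhere.com "$PORT"   # paste into ~/.ssh/config
rm -f "$SAMPLE_SSHD_CONFIG"
```

On a live host, `sshd -T | grep '^port '` (run as root) reports the same effective value straight from the daemon, and `ssh -G somewhere | grep '^port '` confirms what the client side resolved.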