SSH through port forwarding
Chad Perrin
perrin at apotheon.com
Fri Dec 28 13:40:10 PST 2007
On Fri, Dec 28, 2007 at 12:19:44PM -0800, Brian wrote:
> Chad Perrin wrote:
> >On Tue, Dec 18, 2007 at 05:44:11AM -0500, Gerard Seibert wrote:
> >
> >>>On December 18, 2007 at 12:47AM sham khalil wrote:
> >>>
> >>>once you open port 22 to public ip, you'll get people try to bruteforce
> >>>your
> >>>machine.
> >>>if you don't want that set sshd to listen to a higher number like 5522
> >>>then forward port 5522 from the router to the internal machines.
> >>>
> >>>unfortunately for wrt54g, you can't forward port 5522 to 22 for internal
> >>>machine.
> >>>
> >>Security through obscurity is a poor substitute for security. Port
> >>scanners
> >>will eventually find that port also.
> >>
> >
> >One needs something else for security against brute-force attempts, but
> >changing the port number does help cut down on the amount of bandwidth
> >consumption on the LAN side of your router by allowing the router to
> >ignore/deny all incoming traffic on port 22.
> >
> Has denyhosts been considered?
It has been considered (and used) by me -- but I have no idea about the
OP.
--
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Larry Wall: "A script is what you give the actors. A program is what you
give the audience."
More information about the freebsd-questions
mailing list