Cyber Security

22 readers

5 users here now

🕵🏿 Surveillance, Information security, Cybersecurity, Interoperability, Analytics, Data tracking, Digital Disinformation, Decentralised Finance, Algorithmic Sovereignty & Privacy By Design.

Questions and answers are encouraged. Be excellent to each other. 🕊️

founded 2 months ago

MODERATORS

[email protected]

Listen up, changing SSH daemon to non-standard port is a waste of time & even less secure (www.youtube.com)

submitted 2 weeks ago* (last edited 2 weeks ago) by [email protected] to c/[email protected]

8 comments fedilink hide all child comments

Stop it right now. It does not help your threat environment. It just makes things worse.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

I don't really agree with the video for a number of points though I'd say that changing the port is not a security, but a convenience feature.

Privileged port is probably the best argument, however the attack mentioned here would only work for users not having connected to the host before, as otherwise you'd get a host key check failure. The host key wouldn't be readable by an attacker in the case mentioned, and you wouldn't be able to steal passwords if the user has a key authentication only.

Only allowing certain IPs won't work in a lot of non-commercial environments, and fail2ban can be used for DOSing the server as the attacker can spoof the sending IP to a legitimate one, denying access.

[–] [email protected] 1 points 2 weeks ago

I posit that the point of the video is that port changing is an inconvenience non-feature, especially at scale of distributed legitimate use.

load more comments (1 replies)