Comments on: SSH on nonstandard ports, how to NOT do it. (part 1) http://serveradmins.net/ssh-on-nonstandard-ports-how-to-not-do-it/ Stuff for Server Admins... Sun, 26 Feb 2012 21:12:04 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Ken Thomas http://serveradmins.net/ssh-on-nonstandard-ports-how-to-not-do-it/comment-page-1/#comment-2609 Ken Thomas Tue, 22 Nov 2011 00:21:28 +0000 http://serveradmins.net/?p=41#comment-2609 Hmm. Seems to me that if you have users who might try this sort of think (and have the perms for it), you have a different issue. Typically, I would run ssh on a variety of other ports for a very simple reason: our staff travels and more than occassionally encounters an interior network that is heavily firewalled. Port 80, perhaps port 443 and perhaps 8080 are all you can rreally rely on. However, having ssh running on some high ports, can also help. Equally, what's going to happen when your regular user ssh-es into your rouge users rouge port, and doesn't get the same keyauth? Etc. But surely-- if you're going to run ssh on a port > 1024, you should prevent your users from using the same port. Noted. Hmm.

Seems to me that if you have users who might try this sort of think (and have the perms for it), you have a different issue.

Typically, I would run ssh on a variety of other ports for a very simple reason: our staff travels and more than occassionally encounters an interior network that is heavily firewalled. Port 80, perhaps port 443 and perhaps 8080 are all you can rreally rely on. However, having ssh running on some high ports, can also help.

Equally, what’s going to happen when your regular user ssh-es into your rouge users rouge port, and doesn’t get the same keyauth? Etc.

But surely– if you’re going to run ssh on a port > 1024, you should prevent your users from using the same port. Noted.

]]> By: chrism http://serveradmins.net/ssh-on-nonstandard-ports-how-to-not-do-it/comment-page-1/#comment-2430 chrism Tue, 16 Aug 2011 17:38:25 +0000 http://serveradmins.net/?p=41#comment-2430 Hey there, Typically this is reserved for servers that are running public facing services. If the machine is fully behind your firewall and you're the only one that controls this firewall, I would not worry about it too much. :) Hey there,

Typically this is reserved for servers that are running public facing services. If the machine is fully behind your firewall and you’re the only one that controls this firewall, I would not worry about it too much. :)

]]> By: Raymond http://serveradmins.net/ssh-on-nonstandard-ports-how-to-not-do-it/comment-page-1/#comment-2413 Raymond Thu, 28 Jul 2011 14:27:39 +0000 http://serveradmins.net/?p=41#comment-2413 As I read this article, I understand that this vulnerability is limited to users that have access (accounts) to the firewall. If I open port 8123 on my router and direct traffic to port 22 on my UNIX box, I believe that this vulnerability is not an issue because I am the only one that (should) have administrative pivelege to my router. If my understanding is not correct I am not getting it , please (gently) comment. As I read this article, I understand that this vulnerability is limited to users that have access (accounts) to the firewall. If I open port 8123 on my router and direct traffic to port 22 on my UNIX box, I believe that this vulnerability is not an issue because I am the only one that (should) have administrative pivelege to my router. If my understanding is not correct I am not getting it , please (gently) comment.

]]> By: chrism http://serveradmins.net/ssh-on-nonstandard-ports-how-to-not-do-it/comment-page-1/#comment-830 chrism Sat, 08 May 2010 00:31:17 +0000 http://serveradmins.net/?p=41#comment-830 Gareth, I don't see any issue with non-standard ports at all. My point is that using non-priv'd ports (ports > 1024) is an unnecessary risk and no more 'secure' than 44444 or something, if that makes sense. :) Gareth,

I don’t see any issue with non-standard ports at all. My point is that using non-priv’d ports (ports > 1024) is an unnecessary risk and no more ‘secure’ than 44444 or something, if that makes sense. :)

]]> By: Gareth http://serveradmins.net/ssh-on-nonstandard-ports-how-to-not-do-it/comment-page-1/#comment-828 Gareth Fri, 30 Apr 2010 09:34:53 +0000 http://serveradmins.net/?p=41#comment-828 I don't see any issue with using a non-standard server port on any server that is physically secured and to which only trusted users have access, nor do I see a problem with using a non-standard port on a firewall appliance when it is being used to redirect to an internal server. I don’t see any issue with using a non-standard server port on any server that is physically secured and to which only trusted users have access, nor do I see a problem with using a non-standard port on a firewall appliance when it is being used to redirect to an internal server.

]]> By: chrism http://serveradmins.net/ssh-on-nonstandard-ports-how-to-not-do-it/comment-page-1/#comment-811 chrism Sun, 07 Mar 2010 00:22:35 +0000 http://serveradmins.net/?p=41#comment-811 Gregory, Not a problem, if there's any other questions or stuff I can help with, just let me know. :) Gregory,
Not a problem, if there’s any other questions or stuff I can help with, just let me know. :)

]]> By: Gregory Despain http://serveradmins.net/ssh-on-nonstandard-ports-how-to-not-do-it/comment-page-1/#comment-808 Gregory Despain Sat, 06 Mar 2010 06:25:02 +0000 http://serveradmins.net/?p=41#comment-808 Thanks for this post, answers a bunch of questions I was having. Thanks for this post, answers a bunch of questions I was having.

]]>