Home » Questions » Computers [ Ask a new question ]

OpenSSH server listening to non-standard port - recommended or not?

OpenSSH server listening to non-standard port - recommended or not?

Is it recommended to have sshd listening on a non-standard port? The Ubuntu community documentation has a line which states:

Asked by: Guest | Views: 55
Total answers/comments: 2
Guest [Entry]

"If you have a machine which you want a number of people to be able to SSH into, running on a non-standard port might make it more confusing for them.

If it's just you, however, running on a port other than 22 has no real drawbacks (assuming you can remember the port number) and it will greatly reduce the number of connection attempts you get from bots performing dictionary attacks."
Guest [Entry]

"Running SSH on a non-standard port is akin to re-locating the ignition key slot in a car to the trunk. Security though obscurity is not security, but it does foil robot scripts that are to stupid to see the extension cord running from the dash through the back seat.

The best way to secure SSH is to prevent root logins completely, and to enforce the use of key pairs by disabling password logins. Additionally, don't take the lazy way out and make password-less keys.

Fighting brute force attacks is better than hiding from them, you don't want those IP's accessing any service on the system once they fail to login as root 100 times in a row. Its rather easy to monitor log files for this and use firewall tools (iptables) to block future requests.

The combination is much more secure .. and you don't have to confuse users with a non standard port :)"