[Ach] Feedback to applied-crypto-hardening.pdf - Webservers - OpenSSH

Alice Wonder alice at librelamp.com
Fri Dec 22 16:48:32 CET 2017

On 12/22/2017 07:38 AM, Aaron Zauner wrote:
>> On 22 Dec 2017, at 13:32, Sebastian <sebix at sebix.at> wrote:
>> On 12/22/2017 01:02 PM, Alice Wonder wrote:
>>> On 12/22/2017 03:57 AM, Torge Riedel wrote:
>>>> Maybe there is one hint to offer in the guide: Change the port of sshd
>>>> to somewhat else than 22. I observed massive reduction of sshd attacks
>>>> on my servers after changing the port.
>>> Indeed, that's fairly standard. Wasn't aware it wasn't in the guide.
>> Because it's not cryptography.
> +1
> This discussion regularly comes up in GitHub PRs as well *snip*

Yes, point conceded.

The port number has nothing to do with how secure the server is.

Changing the port number reduces the noise in the logs but as far as 
security goes, it is neutral. Port 22 is just as safe if you take the 
same measures you should always take regardless of the port.

So I would agree it doesn't belong in the doc.

More information about the Ach mailing list