[Ach] Feedback to applied-crypto-hardening.pdf - Webservers - OpenSSH
alice at librelamp.com
Fri Dec 22 16:48:32 CET 2017
On 12/22/2017 07:38 AM, Aaron Zauner wrote:
>> On 22 Dec 2017, at 13:32, Sebastian <sebix at sebix.at> wrote:
>> On 12/22/2017 01:02 PM, Alice Wonder wrote:
>>> On 12/22/2017 03:57 AM, Torge Riedel wrote:
>>>> Maybe there is one hint to offer in the guide: Change the port of sshd
>>>> to somewhat else than 22. I observed massive reduction of sshd attacks
>>>> on my servers after changing the port.
>>> Indeed, that's fairly standard. Wasn't aware it wasn't in the guide.
>> Because it's not cryptography.
> This discussion regularly comes up in GitHub PRs as well *snip*
Yes, point conceded.
The port number has nothing to do with how secure the server is.
Changing the port number reduces the noise in the logs but as far as
security goes, it is neutral. Port 22 is just as safe if you take the
same measures you should always take regardless of the port.
So I would agree it doesn't belong in the doc.
More information about the Ach