[arm-allstar] NOTICE for user's with public ssh on port 222
Nate Bargmann
n0nb at n0nb.us
Tue Mar 7 09:13:29 EST 2023
* On 2023 07 Mar 06:55 -0600, Steve Matzura via ARM-allstar wrote:
> For those who maybe are not in the know, where is this documented, or where
> can one go for a how-to?
Since HamVOIP is based on Arch, the Arch Wiki is a good place to start:
https://wiki.archlinux.org/title/OpenSSH
https://wiki.archlinux.org/title/SSH_keys
Once you have key authentication working pay attention to section 3.3.1
of the first link. In no way do you want to expose an SSH server to the
Internet with password authentication enabled.
Yes, I too have an obscure port set but not for "security" as anyone
with the 'nmap' utility will quickly find it, but since I had two
HamVOIP instances running on my LAN a few years back and I just left it
since it was already configured. Another reason to set the listening
SSH port to a value above 1024 is in case your ISP blocks low numbered
ports.
If you're on a LAN behind a router with NAT using port forwarding
through the firewall, there is little harm leaving SSH on the default
port unless your router is so brain dead that it requires the incoming
Internet port match the port on the target system on the LAN (I had one
once, resolved by using hardware supported by OpenWRT which can accept
an arbitrary value for an incoming port and translate that to a
"standard" port).
73, Nate, N0NB
--
"The optimist proclaims that we live in the best of all
possible worlds. The pessimist fears this is true."
Web: https://www.n0nb.us
Projects: https://github.com/N0NB
GPG fingerprint: 82D6 4F6B 0E67 CD41 F689 BBA6 FB2C 5130 D55A 8819
More information about the ARM-allstar
mailing list