[tor-relays] List of Relays' Available SSH Auth Methods

Philipp Winter phw at nymity.ch
Tue Nov 18 19:10:01 UTC 2014

On Tue, Nov 18, 2014 at 09:43:53AM -0800, Andy Isaacson wrote:
> On Tue, Nov 18, 2014 at 10:09:37AM -0500, Libertas wrote:
> > * SSH being served on a non-standard port - something other than port
> > 22. This is a good idea, as many brute-force attackers will only
> > bother trying port 22.
> I don't understand why, for a system that has gotten any security review
> at all, moving ssh to another port is "a good idea".

In addition to an already safe configuration, I use non-standards ports.
As you point out yourself, it keeps the log files clean, which allows me
to focus on the small number of login attempts I get.  This is my main
reason for doing this.

In addition, if OpenSSH (or one of its dependencies) should ever be
subject to a severe security issue, plenty of folks would immediately
start scanning and exploiting the Internet.  A non-standard port would
likely give me a grace period which would allow me to shut down SSH or
take other measures.


More information about the tor-relays mailing list