[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.

Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
howtos:security:ssh [2013/10/21 12:29 (UTC)] – [Change the SSH default port] ricky_cardohowtos:security:ssh [2013/11/15 11:36 (UTC)] (current) – [Alternate method of Changing the SSH default port with out changing] ricky_cardo
Line 46: Line 46:
  
  
-===== Alternate method of Changing the SSH default port with out changing  =====+===== Alternate method of Changing the SSH default port without changing  =====
  
 This suggestion is completely lifted from another site [[http://null.redcodenetwork.ro/changing-the-ssh-port-without-changing-it/]] This suggestion is completely lifted from another site [[http://null.redcodenetwork.ro/changing-the-ssh-port-without-changing-it/]]
  The idea here is add a call to this script in rc.local so it will run at start up.  The idea here is add a call to this script in rc.local so it will run at start up.
 +
 +To use Download sample at the bottom change as you like and save it in /etc/rc.d/  (make it executable to use)
 +Add this sample below to /etc/rc.d/rc.local
  
 #add ssh_hide to port 8889 #add ssh_hide to port 8889
Line 57: Line 60:
      
  What it is doing is making it look like you changed the port ssh is using and provide some additional security.  What it is doing is making it look like you changed the port ssh is using and provide some additional security.
-What happens is scanners will continue to see port 22 open and try to go there while your server drops those packets.  Real packets come in on port 8889 and are redirected by iptables to post 22 with mangle in the header so they don't get dropped.+What happens is scanners will continue to see port 22 open and try to go there while your server drops those packets, because the header is not mangled.  Real packets come in on port 8889 and are redirected by iptables to port 22 with mangle in the header so they don't get dropped.
  
 <file bash rc.ssh_hide> <file bash rc.ssh_hide>
Line 91: Line 94:
 </file> </file>
  
 +Note not ipv6 compatible, due to nat (ip6tables not supporting nat)
  
  

Trace:

howtos:security:ssh ()