Feature #217
Tick box to shift SSH port to unusual high number
Status: | New | Start: | 2024-11-29
---|---|---|---
Priority: | Low | Due date: |
Assigned to: | - | % Done: | 0%
Category: | - | |
Target version: | - | |
Votes: | 1 | |
Description
One of the first things I try to remember to do with a new installation is to shift the SSH server away from the default port of 22 to lessen the login attempts from non-users. The client can use ~/.ssh/config's 'Port' to avoid having to state it each time. I tend to pick a high random port with something like $((31415 + RANDOM % 31415)).
A tick box on creating a new VM could make this one of the customisations done to the new installation. The initial email to the user would give the port and an example ssh(1) command, say, which states it, or a pointer to the wiki.
It may be that the network equipment can show how many bytes short-lived connections to TCP port 22 are clocking up across all VMs. They also create needless CPU load by waking sshd(8).
History
Updated by admin 5 months ago
You've described what you do, but I just don't think there is going to be anyone else who wants this. Of the subset who prefer to use a non-standard port, I think they will have settled on a port they prefer, or have their own way of doing this, so I don't think this option to have sshd on a completely random port would be chosen by anyone.
I might be slightly more enthusiastic about an option to say what port sshd should be on (or to have no sshd at all).
Is there any wider interest in this?
Updated by magnus 5 months ago
Yes, I don't mind what the method is. I chose random because anything fixed can become commonplace, e.g. 22222 aping 22, and so lack obscurity. I don't think there's any point adding the feature unless it would save enough network, CPU, and yet-another-attempt logging activity; perhaps the first thing is whether that could be measured or estimated and found to be significant.
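One way to put a number on the logging and sshd wake-up cost raised in this thread, as an added example that is not code from the ticket or its participants: it groups OpenSSH syslog lines by sshd PID and counts the connections that never reached an "Accepted" line. The function name `measure_noise` is hypothetical, the sample lines are constructed, and it assumes one PID per connection within the log window (no PID reuse).

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH's syslog style (not real traffic).
SAMPLE_LOG = """\
Nov 29 10:00:01 vm1 sshd[1001]: Invalid user admin from 203.0.113.5 port 51234
Nov 29 10:00:03 vm1 sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Nov 29 10:00:04 vm1 sshd[1001]: Connection closed by invalid user admin 203.0.113.5 port 51234 [preauth]
Nov 29 10:02:10 vm1 sshd[1002]: Failed password for root from 198.51.100.7 port 40022 ssh2
Nov 29 10:02:11 vm1 sshd[1002]: Disconnected from authenticating user root 198.51.100.7 port 40022 [preauth]
Nov 29 10:05:00 vm1 sshd[1003]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2
Nov 29 10:07:30 vm1 sshd[1004]: Connection closed by 203.0.113.5 port 51300 [preauth]
"""

# Newer OpenSSH releases log per-connection work as "sshd-session".
LINE_RE = re.compile(r"sshd(?:-session)?\[(?P<pid>\d+)\]: (?P<msg>.*)")
# The token before " port N" is the peer address (IPv4 or IPv6).
PEER_RE = re.compile(r"(\S+) port \d+")

def measure_noise(log_text):
    """Summarise sshd connections that never authenticated."""
    lines_per_pid = Counter()   # log lines written per connection
    accepted = set()            # PIDs that logged a successful login
    peer_of_pid = {}            # last peer address seen per PID
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue            # not an sshd line
        pid, msg = m.group("pid"), m.group("msg")
        lines_per_pid[pid] += 1
        if msg.startswith("Accepted "):
            accepted.add(pid)
        peer = PEER_RE.search(msg)
        if peer:
            peer_of_pid[pid] = peer.group(1)
    noisy = [p for p in lines_per_pid if p not in accepted]
    total = sum(lines_per_pid.values())
    noise_lines = sum(lines_per_pid[p] for p in noisy)
    return {
        "connections": len(lines_per_pid),
        "unauthenticated": len(noisy),
        "noise_lines": noise_lines,
        "noise_share": noise_lines / total if total else 0.0,
        "sources": Counter(peer_of_pid[p] for p in noisy if p in peer_of_pid),
    }

if __name__ == "__main__":
    print(measure_noise(SAMPLE_LOG))
```

Running it over the same length of auth log before and after a port change gives a like-for-like comparison of unauthenticated connections and the log lines they produced.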