Changing ssh port possible ?

tobixx

Hello,

Is it possible to change the ssh port on the cluster machines?

Greetings
 
You can manually edit /etc/ssh/ssh_config and /etc/ssh/sshd_config. But I have never tested that.
 
Damn, I forgot the ssh client config. I will test it.
At first I only edited the server conf.
Thanks for the wake-up.
 
security through obscurity

To keep away the scripting kids - security through obscurity - keeps the logs clean.

If you are happy, all are happy


But another solution is to modify syslog.conf and put
auth.* /dev/null


:cool:

Sorry, I don't understand this
Diaolin
 
The problem here is not how to change the SSH port, but making a PVE cluster work with a non-22 port for SSHD.
If you have a PVE cluster (with more than 2 servers :P ) it won't work, because PVE is searching for SSH on the standard port.
I didn't search through the configs, but I will. If somebody knows a solution, please post!
 
security by obscurity is only part of the battle...

"Security by obscurity" is only bad when you rely on it and only it. Of course - if being used as an additional layer in a defense-in-depth - it is a great addition.

Generally it's a good idea to move SSH just to avoid all the script kiddies and pain in the rears from filling up your logs :-)

In reality - a real port scan will find it - but if you keep that port really high - it will take some time for them to find it - and other apps on the server by then may be able to catch the port scan and block them.

One suggestion is to use another well-known port for SSH instead.
Good use of strong Egress filters will help here as well.
Good passwords
Use of Certs
TCP-Wrapper
Port-Knocking
etc. etc.

Now - one other addition would be
http://stats.denyhosts.net/stats.html

At present - this RBL for SSH has 174920 hosts denied by DenyHosts.

DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).

Have a great one :-)
 
But how will your script connect to the remote machine when it tries port 22 and gets connection refused?

Really, I haven't tested it, but that's what I think
 
We simply use the 'ssh' command to connect. So it uses the port specified in /etc/ssh/ssh_config

- Dietmar
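
The thread's conclusion is that the server port in sshd_config and the client default in ssh_config must agree, because the cluster connects with the plain 'ssh' command. The following check is an added example, not part of the original posts and not Proxmox code; the function names and sample files are assumptions, and it does not follow Include or ListenAddress directives.

```shell
#!/bin/sh
# Config keywords are case-insensitive; "Port 2222" and "Port=2222" both parse.

# Print each port sshd listens on per the given sshd_config (default 22).
sshd_ports() {
    ports=$(awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        tolower($1) == "match" { exit }   # Port is a global-only keyword
        tolower($1) == "port"  { print $2 }
    ' "$1")
    echo "${ports:-22}"
}

# Print the default client port: the first Port that is global or under
# "Host *" (ssh_config keeps the first value obtained). Default 22.
client_port() {
    awk '
        { sub(/^[ \t]*#.*/, ""); gsub(/=/, " ") }
        tolower($1) == "host"  { global = ($2 == "*" && NF == 2); seen = 1; next }
        tolower($1) == "match" { global = 0; seen = 1; next }
        tolower($1) == "port" && (!seen || global) { print $2; found = 1; exit }
        END { if (!found) print 22 }
    ' "$1"
}

# Return 0 if the client default port is one sshd listens on, else 1.
ports_consistent() {
    want=$(client_port "$2")
    for p in $(sshd_ports "$1"); do
        [ "$p" = "$want" ] && return 0
    done
    echo "mismatch: ssh uses $want, sshd listens on $(sshd_ports "$1" | tr '\n' ' ')" >&2
    return 1
}

# Constructed sample configs (assumed values, not from a real node).
tmp=$(mktemp -d)
printf 'Port 2222\nPermitRootLogin no\n' > "$tmp/sshd_config"
printf 'Host *\n    Port 2222\n' > "$tmp/ssh_config"
ports_consistent "$tmp/sshd_config" "$tmp/ssh_config" && echo "ok: ports agree"
```

On a node, the two arguments would be /etc/ssh/sshd_config and /etc/ssh/ssh_config, run on every cluster member.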
 
