Stop it right now. It does not help your threat environment. It just makes things worse.

  • @[email protected]
    link
    fedilink
    2
    edit-2
    3 months ago

    I don’t really agree with the video for a number of points though I’d say that changing the port is not a security, but a convenience feature.

    Privileged port is probably the best argument, however the attack mentioned here would only work for users not having connected to the host before, as otherwise you’d get a host key check failure. The host key wouldn’t be readable by an attacker in the case mentioned, and you wouldn’t be able to steal passwords if the user has a key authentication only.

    Only allowing certain IPs won’t work in a lot of non-commercial environments, and fail2ban can be used for DOSing the server as the attacker can spoof the sending IP to a legitimate one, denying access.

    • @[email protected]OP
      link
      fedilink
      13 months ago

      Privileged port is a trust belief system where you believe that the remote system only offers services below port 1024 if they were started with elevated privilege. Author PK Dick once said reality is that which, when you stop believing in it, doesn’t go away.

    • @[email protected]OP
      link
      fedilink
      13 months ago

      I posit that the point of the video is that port changing is an inconvenience non-feature, especially at scale of distributed legitimate use.

  • Billegh
    link
    13 months ago

    Port knocking and actual firewall rules are far better for ssh that must be visible publically. VPN only otherwise.

    • @mumblerfish
      link
      23 months ago

      I have not understood why VPN is mentioned as a more secure alternative. Or is it always meant as VPN in addition to ssh?

      • Mellow
        link
        English
        43 months ago

        It’s more secure to use a VPN to gain access to the network where you can access internally the services you need rather than expose many individual services to the open internet.

        If I need to access something on my home network I’m not going to port forward everything through the firewall. I’m just going to use my vpn to remote in and then ssh to the system. Obviously keep your vpn server patched and up to date.

        • @mumblerfish
          link
          23 months ago

          Sure, but my question was about exposing ssh compared to exposing a VPN.

          • Billegh
            link
            23 months ago

            Honestly, one isn’t better than the other. It’s more of a “what can they do” if they gain access. With SSH you likely have terminal access wherever. VPN means you need to be able to talk to the service and even then it’s usually just network access. Attackers have to break in further once there.

            I would rather neither, but of the two I have good firewall rules internally. And failed ssh access internally is reported immediately.