Matthew Sullivan <matthew@sorbs.net> writes:
John Levine wrote:
Moving sshd from port 22 to port 137, 138 or 139. Nasty eh?
don't do that! Lots of (access) isps around the world (esp here in Europe) block those ports
If you're going to move sshd somewhere else, port 443 is a fine choice. Rarely blocked, rarely probed by ssh kiddies. It's probed all the time by malicious web spiders, but since you're not a web server, you don't care.
Except if you're running a version of OpenSSL that has a vulnerability, you could be inviting trouble - particularly with kiddies scanning for Apache with vulnerable versions of OpenSSL attached by way of mod_ssl etc...
It's worth noting that while OpenSSH uses OpenSSL for crypto, most of the recent vulnerabilities in OpenSSL do not extend to OpenSSH, because they're in the SSL state machine, not the crypto. -Ekr