by justizin 4348 days ago
right, anyone who has undergone frequent ssh brute force attacks knows that they can create a nontrivial amount of cpu usage.

Practically every open 22 port receives a huge amount of scripted attacks these days.
Which is why a port other than 22 is pretty good practice.
"There's No Protection In High Ports Anymore. If Indeed There Ever Was." http://bsdly.blogspot.co.uk/2013/02/theres-no-protection-in-...
Unless the majority of ssh brute force attacks iterate over every port value, using a non-standard port would still have value in reducing the volume of attacks.
It's less protection and more just avoiding aimless attacks.

If someone's out to get you, then sure, they'll find the port.

If someone's out to just find any unlocked door, they'll just move on.

Except when programs are designed for SSH to communicate on port 22. Security by obscurity is not good practice but other than that, yes, using a non standard SSH port will greatly reduce random drive by attempts.
Just configure the localhost to route the ssh connections over a different port. Combined with ssh keys, it becomes an extremely convenient setup, e.g.:

    ~> cat .ssh/config
    ControlMaster auto
    ControlPath /tmp/%r@%h:%p
    ControlPersist yes

    Host hostname1
     IdentityFile ~/.ssh/id_rsa
     Hostname rem.hostname1.com
     Port 2290
     user user_name

Now you can do things like:

    git clone ssh://username@hostname1/home/user/Code/repot.git
or

    scp file1.tar hostname1:/home/username && sftp hostname1

Which is pretty handy :-)
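
How the `hostname1` alias in the config above resolves to a host and port, as an added example that is not part of the original thread. `resolve` and `shared_control_path` are hypothetical helpers implementing a simplified model of ssh_config(5), and the check reflects that manual's recommendation to keep `ControlPath` in a directory other users cannot write to.

```python
import fnmatch

# Constructed sample: the client config quoted in the comment above.
SAMPLE_CONFIG = """\
ControlMaster auto
ControlPath /tmp/%r@%h:%p
ControlPersist yes

Host hostname1
 IdentityFile ~/.ssh/id_rsa
 Hostname rem.hostname1.com
 Port 2290
 user user_name
"""

def resolve(config_text, alias):
    """Return the effective options a client would use for `alias`.

    Simplified model of ssh_config(5): keywords are case-insensitive, options
    before the first Host line apply to every host, and the first value
    obtained for a keyword wins. Match blocks, Include, negated patterns,
    `key=value` syntax and multiple IdentityFile entries are not handled.
    """
    effective = {}
    applies = True  # lines before the first Host block are global
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            # A Host line starts a new block; it applies if any pattern matches.
            applies = any(fnmatch.fnmatchcase(alias, p) for p in value.split())
        elif applies:
            effective.setdefault(keyword, value)  # first value wins
    effective.setdefault("hostname", alias)  # no HostName: alias is the target
    effective.setdefault("port", "22")       # no Port: the default SSH port
    return effective

def shared_control_path(options):
    """True if the multiplexing socket lives in a world-writable directory."""
    return options.get("controlpath", "").startswith(("/tmp/", "/var/tmp/"))

if __name__ == "__main__":
    opts = resolve(SAMPLE_CONFIG, "hostname1")
    print(opts["hostname"], opts["port"], opts["user"])
    print("ControlPath in shared directory:", shared_control_path(opts))
```

On a real client, `ssh -G hostname1` prints the fully resolved options without connecting.
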
The proper method of dealing with programs like that is to fix them or use other programs.
I changed my mail server to listen on port 26 and now I don't get spam anymore
I imagine you don't get much of anything with your smtpd running on port 26. (:
LOL
indeed!
"stop coming to my house Internet, I just want to stay friends"