Sshd
Latest revision as of 20:19, 1 December 2005
The server daemon of the ssh implementation. This daemon listens on port 22 by default. Some admins change the port in sshd_config if they believe in security by obscurity. The difficulty is that, for this to be really useful, you would also have to change the banner that sshd returns, because the banner identifies the service no matter which port it runs on. scanssh (http://www.monkey.org/~provos/scanssh/) is based on this concept.
 # nc mail.yashy.com 22
 Trying 206.248.137.44...
 Connected to mail.yashy.com.
 Escape character is '^]'.
 SSH-2.0-OpenSSH_3.8.1p1 YashSSHD-20051225
As you can see, the banner has been modified in this example, but it is still quite obvious what this daemon is for, unless you remove "SSH" from the banner. That is not recommended, as ssh clients require it.
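To show why "SSH" cannot be dropped from the banner, here is an added example (not from the original page) that parses the identification string the way an ssh client does, following RFC 4253 section 4.2: the line must start with "SSH-", followed by the protocol version, a minus sign, the software version, and optional comments. The sample input is the banner captured above plus constructed variants.

```python
import re
from typing import List, NamedTuple, Optional

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
# softwareversion is matched leniently (anything up to the first space),
# because real-world servers do not always avoid the minus sign in it.
_BANNER_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<soft>\S+)(?: (?P<comments>.*))?$")


class Banner(NamedTuple):
    protoversion: str
    softwareversion: str
    comments: Optional[str]


def parse_banner(line: str) -> Optional[Banner]:
    """Parse one identification line; return None if a client would reject it."""
    line = line.rstrip("\r\n")
    if len(line) + 2 > 255:  # RFC 4253: at most 255 characters including CR LF
        return None
    m = _BANNER_RE.match(line)
    if m is None:
        return None
    return Banner(m.group("proto"), m.group("soft"), m.group("comments"))


def find_banner(lines: List[str]) -> Optional[Banner]:
    """Scan the server's opening lines. RFC 4253 lets a server send other lines
    before the identification string, so a client skips lines until one starts
    with "SSH-"; a banner with that prefix removed is therefore never found."""
    for line in lines:
        if line.startswith("SSH-"):
            return parse_banner(line)
    return None


def speaks_ssh2(banner: Banner) -> bool:
    """protoversion 2.0 is SSH-2; 1.99 means a server that also accepts SSH-2."""
    return banner.protoversion in ("2.0", "1.99")


if __name__ == "__main__":
    # Constructed samples: the captured banner, a greeting line before it, and
    # the same banner with "SSH-" stripped, which a client cannot recognise.
    captured = "SSH-2.0-OpenSSH_3.8.1p1 YashSSHD-20051225\r\n"
    print(find_banner(["Welcome to mail.yashy.com\r\n", captured]))
    print(find_banner(["2.0-OpenSSH_3.8.1p1 YashSSHD-20051225\r\n"]))
```

The modified comment field ("YashSSHD-20051225") is parsed cleanly, while the software version still reads OpenSSH_3.8.1p1, which is what a scanner keys on.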
If you only connect to your sshd from a few different shell accounts, you should configure your firewall to allow access to your sshd port only from the IP(s) of those shells. This way the port appears to be closed to the rest of the internet.
You might also look into port knocking (http://www.portknocking.org/) if you run an sshd you're trying to conceal.