Sshd: Difference between revisions

From Hackepedia
Frankk (talk | contribs)

Latest revision as of 20:19, 1 December 2005

The server daemon of the ssh implementation. This daemon listens on port 22 by default. Some admins change the port in sshd_config if they believe in security by obscurity. The difficulty is that you would then also have to change the banner that sshd returns for this to be of any real use, since the banner identifies the service regardless of the port. scanssh is based on this concept.

 # nc mail.yashy.com 22
 Trying 206.248.137.44...
 Connected to mail.yashy.com.
 Escape character is '^]'.
 SSH-2.0-OpenSSH_3.8.1p1 YashSSHD-20051225

As you can see, the banner has been modified in this example, but it is still quite obvious what this daemon is for unless you remove "SSH" from the banner. This is not recommended, as ssh clients require the "SSH-" prefix to recognise the service.

If you only connect to your sshd via a few different shell accounts, you should configure your firewall to only allow access to your sshd port via the IP(s) of those shells. This way it appears to be closed to the rest of the internet.

You might also look into port knocking if you run an sshd you're trying to conceal.