From Hackepedia
Jump to navigationJump to search

The server daemon of the ssh implementation. This daemon listens on port 22 by default. Some admins change the port in sshd_config if they believe in security by obscurity. The difficulty is then you'd also have to change the daemon banner that sshd returns for this to be really useful. scannssh is based on this concept.

# nc 22
Connected to
Escape character is '^]'.
SSH-2.0-OpenSSH_3.8.1p1 YashSSHD-20051225

As you can see, the banner has been modified in this example, but it is still quite obvious what this daemon is for unless you remove "SSH" from the banner. This is not recommended, as ssh clients require it.

If you only connect to your sshd via a few different shell acounts, you should configure your firewall to only allow access to your sshd port via the IP(s) of those shells. This way it appears to be closed to the rest of the internet.

You might also look into port knocking if you run an sshd you're trying to conceal.