Solved

What are the advantages/disadvantages of changing the SSH/SFTP port?

Posted on 2016-08-25
4
84 Views
Last Modified: 2016-09-02
Hi Everybody,

I read a few articles regarding the advantages and disadvantages to change the default SSH/SFTP port 22, but it's not very clear for me.
I understood when you change the default port 22 by another, you avoid the casual port scanning on the net but then why for the security staff it's not a good idea to change it?
Sorry but somebody can explain me that clearly?

Thanks,
Javier
0
Comment
Question by:Javier Gonzalez
  • 2
4 Comments
 
LVL 88

Accepted Solution

by:
rindi earned 250 total points
ID: 41770230
SSH is by nature a secure protocol. If you use another port than the original, you only hide it from those who don't know much, as you mentioned the casual person scanning your ports, and those people will probably not have the expertise to break into it. Those who know what to do will also be able to find the new port you have assigned, so to them that new port makes no difference and it won't hinder them from trying to break in.

For security staff it makes no sense as it doesn't really add any better security, but it might make people think it is more secure and then drop their guard.
0
 

Author Comment

by:Javier Gonzalez
ID: 41770254
Thanks Rindi for your clear explanation, I understood now nothing is improved by changing this port.
Gracias Amigo!
Javier
0
 
LVL 28

Assisted Solution

by:serialband
serialband earned 250 total points
ID: 41773875
Only one thing is improved when you change your port.  You will have much fewer script kiddie scanners and much smaller log files.  If you have a home server on a random DSL or Cable modem line, it helps keep your log files very small and easy to manually parse.  You should still have a proper firewall to block multiple failed ssh attempts of someone skilled that happens to find your system.

It just makes no sense on public access ssh servers to change the port.  You can still change the port on the private servers to reduce the log file sizes, but you must still check the logs for suspicious activity.  Only inexperienced sysadmins will think that changing the port is secure.  It only reduces your log file sizes.
0
 

Author Closing Comment

by:Javier Gonzalez
ID: 41781508
Thanks guys!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now