On Fri, 2005-11-25 at 05:19, Vijay Gill wrote:
> I am working on the idea of writing a small script which will modify
> the port of sshd every day according to some logic I will use on the
> client side to find the port for that day. This script will run in
> background and will do the job of modifying the config file and
> restarting of the service automatically.
>
> Does that sound like an even more secure idea?
>
> Regards from
> Vijay Gill

Actually that will not buy you more security. If you disable root ssh access, use good passwords, use keys, use ssh2 only, and restrict the users that are allowed to ssh to the system, you have covered most of the items that improve your security.

Changing the ssh port is generally not viewed as making your system more secure. It will keep the script kiddies from knocking on the door, but anyone who targets your system specifically will scan all ports and find that you have ssh on a different port.

I use a different port for ssh. This keeps my log files cleaner. But it does not make my system any more secure. That is taken care of by using the other methods mentioned above for ssh.

You might want to check out port knocking. Although there was an article posted on the web that argued that even port knocking does not provide any added security.

Just remember that you want to keep your system just a little more secure than the next system. Just be careful not to make things so complex that you introduce a security hole.

Most of the ssh scanning going on relies on people not using good passwords. By simply using good passwords on all accounts the risk is all but eliminated. It is sad how many systems out there have accounts with very poor passwords.
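An added example, not part of the original message: a small Python check of an sshd_config against the items the reply lists (root login disabled, ssh2 only, keys enabled, users restricted). The sample config and the function names are constructed for illustration; Port is deliberately not checked, an unset PermitRootLogin is treated as a finding because its default differs between OpenSSH versions, and an unset Protocol is assumed to mean protocol 2 only.

```python
import re

# Constructed sample config for this example (not from the original message).
SAMPLE_CONFIG = """\
# constructed sample sshd_config
Port 2222
Protocol 2,1
PermitRootLogin yes
# sshd keeps the first value it reads, so the next line has no effect
PermitRootLogin no
PubkeyAuthentication=yes
Match User backup
    AllowUsers backup
"""

# A keyword, then whitespace or a single '=', then the arguments.
LINE_RE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

def parse_global(text):
    """Return {keyword: value} for global settings; first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":  # settings inside Match blocks are not global policy
            break
        settings.setdefault(key, value)
    return settings

def audit(text):
    """Return findings for the checklist items named in the reply."""
    s = parse_global(text)
    findings = []
    if s.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    # Assumption: an unset Protocol means protocol 2 only (modern OpenSSH).
    if "1" in re.split(r"\s*,\s*", s.get("protocol", "2")):
        findings.append("Protocol allows SSH protocol 1")
    if s.get("pubkeyauthentication", "yes").lower() == "no":
        findings.append("PubkeyAuthentication is disabled")
    if "allowusers" not in s and "allowgroups" not in s:
        findings.append("no AllowUsers/AllowGroups restriction")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

On the sample, the non-default port produces no finding either way, which matches the reply's point that the port number is not what secures the service.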