<div dir="ltr"><br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class=""><div class="h5"><div class="gmail_extra">
<div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><div class="gmail_quote">
<div><div>On 22 July 2014 00:52, Guy Gold <span dir="ltr"><<a href="mailto:guy1gold@gmail.com" target="_blank">guy1gold@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Hi Erez,<br><br><div><div class="gmail_extra">On Mon, Jul 21, 2014 at 4:18 AM, Erez D <span dir="ltr"><<a href="mailto:erez0001@gmail.com" target="_blank">erez0001@gmail.com</a>></span> wrote:<br><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><br>
</div>it is not even a dynamic ip, it is a private ip behind a dynamic one<br></blockquote><div><br></div><div>Then, what Eliyahu wrote should serve you a perfect solution. <br></div></div></div></div></div></blockquote>
</div></div></div></div></div><span></span></blockquote></div></div></blockquote></div></div></div></div></blockquote></div></div></div></div></blockquote></div><br clear="all"></div><div class="gmail_extra">Although this can become a flame-war :) <br>
</div><div class="gmail_extra"><br>Source:<br><a href="https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/">https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/</a><br>
<p>==Begin quote ==<br></p><p>But there are more reasons why this is a bad idea and one of the most
important reason has to do with a bit of the (Linux) way of handling
TCP/IP ports. When you are logged onto a system as a non-root user
(anyone not being uid 0), you cannot create a listing TCP or UDP port
below 1024. This is because port numbers below 1024 are so-called
privileged ports and can only be opened by root or processes that are
running as root. So for instance, when your webserver (apache, nginx
etc) will start, it will do so as the privileged root user in order to
open up a listening connection to port 80 (the port that by default will
be used for HTTP traffic). Now, as soon as the port is opened and
everything that needs to be done as root is done, the webserver will
fall back to a non-privileged user (either the www-data, apache, or
nobody user). From that point, when something bad is happening, it is
only limited to the rights that that user has.</p>
<p>Now, back to SSH: when we start SSH on port 22, we know for a fact
that this is done by root or a root-process since no other user could
possibly open that port. But what happens when we move SSH to port 2222?
This port can be opened without a privileged account, which means I can
write a simple script that listens to port 2222 and mimics SSH in order
to capture your passwords. And this can easily be done with simple
tools commonly available on every linux system/server. So running SSH on
a non-privileged port makes it potentially LESS secure, not MORE. You
have no way of knowing if you are talking to the real SSH server or not.
This reason, and this reason alone makes it that you should NEVER EVER
use a non-privileged port for running your SSH server.</p>==End quote==<br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Reading the whole page is recommended. <br><br></div><div class="gmail_extra">Though, some of Joshua Thijssen's points can be argued against (not by myself, but I'm sure some folks can find some caveats in his article). I tend to agree with what he points out. <br>
<br></div><div class="gmail_extra">I do acknowledge that SBO (security by...) divides quite a bit sysadmins apart. Some live by it, and some, well, ridicule it, and for them, seeing another sysadmin use such method is a tell sign of anachronism. The beauty is that we can all choose, and what is important is being informed. <br>
</div><div class="gmail_extra"><br>-- <br>Guy Gold
</div></div>