keyboard_error Posted September 11, 2012
I was wondering if it would be secure to run ssh on port 22 on a DD-WRT router. I'm using a key, not a password, for login. Right now I'm running it on port 2223 but I think I'm running into firewall issues at my university. I can't connect to my ssh server on port 2223 but I can connect to another one that is running on port 22. I'm wondering what port I should change to.

Sitwon Posted September 11, 2012
If password login is disabled then it's perfectly fine to run SSH on port 22.

telot Posted September 12, 2012
You can try any number of other ports - just make sure your firewall on your server side is port forwarding the appropriate ports. So you can either change the port on your server (/etc/ssh/sshd_config) or if your router/firewall supports it, you can do port mapping. For instance, I can map port 2020 to 22 on my server. So when I'm out in the world, I type ssh -p 2020 user@telotsawesomeserver.com and my router/firewall makes port 2020 from outside internet connect to port 22 on my inside intranet at my house. All this does is prevent script kiddies from attempting to brute force my server - security through obscurity.
telot

manouche Posted September 12, 2012
I would have thought your "school" (sounds funny to a Brit, unless you are under 16!) is much less likely to block some other ports than 22 (after all, that is practically saying it's OK to tunnel out using ssh). I am thinking explicitly of ports such as 443, which is the standard SSL/HTTPS port; if they block that then no secure sites will work, such as banking or library sites, so that's highly unlikely. If you are running a pure ssh server rather than, say, OpenVPN, which also uses SSL, then that should be fine. You will probably still get a few bots knocking on that port but they will not be expecting SSH there! There is also always port 80 of course, providing you are not running a web server on your (home?) server. Also, have you checked that they are not using a proxy, which is more common in large institutions? You can find out the details of the proxy simply by checking the internet connection settings on the browser on one of the institution's machines and use those details in PuTTY to get out that way (I do that all the time to tunnel out of my "institution", and no, I am not being held at Her Majesty's pleasure!)

badbass Posted September 15, 2012
Whatever port you choose, do a netcat.

TheGuyWithSticks Posted September 18, 2012
Using port 22 is safe, as long as you've configured your router correctly. You said you're using keys, and not passwords, but make sure you're only using authorized keys, and not just any. To be extra safe, you want authorized keys only, plus passwords, but that's usually overkill unless you're paranoid or in a high risk environment. As for using a different port other than 22, that's referred to as security through obscurity. I was taught against it because of the basics. If your basics are flawed, no amount of secrecy will save you. And if your system is secure, secrecy won't help since you're good.
Edited September 19, 2012 by TheGuyWithSticks

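The condition the replies above rest on, that password login is really off, can be checked against the server configuration. The following is an added example, not part of the original thread: it assumes an OpenSSH server configured through the /etc/ssh/sshd_config file telot mentions, and the function names and sample config are constructed for illustration.

```python
import re

# Added example. Defaults are assumed from upstream OpenSSH sshd_config(5).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# What key-only login requires of each option.
WANTED = {**DEFAULTS, "passwordauthentication": "no",
          "kbdinteractiveauthentication": "no"}
# ChallengeResponseAuthentication is the older name of the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Keyword and argument are separated by whitespace or by a single '='.
LINE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")


def effective_settings(config_text):
    """Global settings as sshd resolves them: a keyword's first value wins."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:  # blank line, comment, or keyword without argument
            continue
        key = m.group(1).lower()  # keywords are case-insensitive
        key = ALIASES.get(key, key)
        value = m.group(2).strip().strip('"')
        if key == "match":
            break  # Match blocks are conditional and are not evaluated here
        if key == "port":
            ports.append(int(value))  # Port may repeat; sshd listens on each
        else:
            settings.setdefault(key, value)  # later duplicates are ignored
    return {**DEFAULTS, **settings, "port": ports or [22]}


def audit(config_text):
    """Return findings; an empty list means only key-based login is offered."""
    s = effective_settings(config_text)
    return [f"{k} is {s[k]!r}, want {v!r}"
            for k, v in WANTED.items() if s[k].lower() != v]


# Constructed sample: port moved off 22, "no" appended after an earlier "yes".
SAMPLE = """\
Port 2223
PasswordAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
"""
```

On the sample, the appended `PasswordAuthentication no` has no effect because the earlier `yes` wins, so password login stays on even though the port was moved. Include directives and Match blocks are not evaluated here; on a real host `sshd -T` prints the authoritative effective values.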