Hi
I have been running sshd under the control of inetd, using the default port of 22
And of course, it all works fine. I know the man page for sshd suggests that I'd be more efficient running sshd directly, but my way, I get to play with hosts.allow and all its rules - I can mostly watch the script kiddies trying to hit me, and hosts.allow rules separate all their attempts into various categories. Which is interesting.
I do use key-based, not password-based authentication, by the way.
But when I try to change the port to a higher, non-standard port (by adding Port 12345 in sshd_config as well as a Port 22 line) and restart inetd, sockstat -l still only shows inetd listening on 22. I can't get in to the system via the higher port.
a. I haven't changed sshd_config to just a single Port 12345 yet, 'cos I have already locked myself out of the system once and rely on remote admins to let me back in. So I don't know if this works.
b. Do the rules in hosts.allow mean much for a secure and tight sshd implementation? Or am I really better off firing up sshd direct? If so, can I get sshd to log unsuccessful login attempts a la inetd?
c. Finally, is there a way to force inetd to listen to a higher port for sshd as well as the default port 22? I want to do this and when I know all is well, I'll disable port 22 access.
But I need to be careful in my setup and testing, as when I screw up, I have to beg remote admins to bail me out. Like now! :-(
Cheers
Bill
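An added example, not part of Bill's post, addressing question c. When sshd is started by inetd with `-i`, it serves the one connection handed to it on stdin/stdout and never binds a port itself, so the `Port` lines in sshd_config have no effect in that mode: the listening ports come entirely from inetd.conf, where each service field is resolved through /etc/services. The script below parses constructed samples of both files and reports which ports inetd would bind for sshd and which lines it could not resolve, so the result can be checked before restarting inetd and risking another lockout. The `ssh-alt` service name is an assumption (a locally added /etc/services entry for the high port); the note that FreeBSD's inetd also accepts a bare port number in the service field, and that `inetd -w` hands libwrap the server program's basename as the hosts.allow daemon name, are assumptions drawn from inetd(8) and marked as such in the comments.

```python
"""Preview the TCP ports an inetd.conf will bind, resolved via /etc/services.

All input below is constructed sample data, not the poster's real files.
"""
import os
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed /etc/services excerpt. "ssh-alt" is an assumed local addition
# that gives the second sshd port a name inetd can look up.
SERVICES_SAMPLE = """\
ssh         22/tcp      # SSH Remote Login Protocol
ssh         22/udp
ssh-alt     12345/tcp   # locally added for the second sshd listener
"""

# Constructed inetd.conf excerpt: the stock ssh line plus a second line for the
# high port. "sshd -i" is inetd mode, so sshd never binds a port of its own.
INETD_CONF_SAMPLE = """\
ssh       stream  tcp   nowait  root  /usr/sbin/sshd  sshd -i
ssh-alt   stream  tcp   nowait  root  /usr/sbin/sshd  sshd -i
telnet    stream  tcp   nowait  root  /usr/libexec/telnetd  telnetd
"""


class Listener(NamedTuple):
    port: Optional[int]  # None when the service field could not be resolved
    proto: str
    daemon: str          # basename of the server program (assumed: the name
                         # inetd -w passes to libwrap for hosts.allow matching)
    lineno: int


def parse_services(text: str) -> Dict[Tuple[str, str], int]:
    """Map (name, proto) -> port for every name and alias in an /etc/services text."""
    table: Dict[Tuple[str, str], int] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # skip malformed lines rather than fail the whole parse
        port, proto = fields[1].split("/", 1)
        for name in [fields[0]] + fields[2:]:
            table[(name, proto)] = int(port)
    return table


def resolve_port(service: str, proto: str,
                 services: Dict[Tuple[str, str], int]) -> Optional[int]:
    """Port inetd would bind for one service field.

    Assumption: FreeBSD's inetd(8) accepts a bare port number here; other
    inetd implementations may require an /etc/services entry instead.
    """
    if service.isdigit():
        return int(service)
    base = re.sub(r"(46|4|6)$", "", proto)  # tcp4 / tcp6 / tcp46 look up as "tcp"
    return services.get((service, base))


def parse_inetd_conf(text: str,
                     services: Dict[Tuple[str, str], int]) -> List[Listener]:
    """Parse inetd.conf lines: service socktype proto wait user server [args]."""
    out: List[Listener] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(None, 6)
        if len(fields) < 6:
            raise ValueError(f"inetd.conf line {lineno}: expected at least 6 fields")
        service, _socktype, proto, _wait, _user, server = fields[:6]
        service = service.rsplit(":", 1)[-1]  # strip an optional "[addr]:" prefix
        out.append(Listener(resolve_port(service, proto, services), proto,
                            os.path.basename(server), lineno))
    return out


def sshd_ports(listeners: List[Listener]) -> List[int]:
    """Sorted ports on which inetd would accept connections for sshd."""
    return sorted(l.port for l in listeners if l.daemon == "sshd" and l.port is not None)


def unresolved(listeners: List[Listener]) -> List[int]:
    """Line numbers whose service field has no port: inetd would reject these."""
    return [l.lineno for l in listeners if l.port is None]


if __name__ == "__main__":
    svc = parse_services(SERVICES_SAMPLE)
    ls = parse_inetd_conf(INETD_CONF_SAMPLE, svc)
    print("sshd ports:", sshd_ports(ls))           # [22, 12345]
    print("unresolved inetd.conf lines:", unresolved(ls))  # [3]: telnet has no services entry here
```

With both lines present, `sockstat -l` should then show inetd on 22 and 12345; once the high port is confirmed working over a second session, the `ssh` line can be commented out while the first session stays open. Because both lines run the same server program, a single `sshd:` entry in hosts.allow continues to govern both ports.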