ssh port forward alternatives?

[mrhobbeys]

I feel kind of silly for asking this but last time I had port forwarding setup I got tons of random attempts to login, and other strange traffic. So what alternative options do I have for connecting to my FreeBSD from the internet?

 

[mrhobbeys]

Just as an update I used a nonstandard port and just had it forward to the proper 22.

I am interested in knowing if their is a better way, this is the first time I am going to be actually administrating a machine exclusively (well as much as possible) from the internet, and I would like to get into the habit of using as many good practices as I can. On that note I have setup the users such that root has a long alpha numeric symbol password of 25 char. and the user I login with is part of the wheel group and has a alpha numeric symbol based password that is 23 char. I would be interested if anyone has some changes I might consider making.

 

[Gio01]

Please edit your ETC/sshd/sshd_config.conf
The part :

Port 22 <- your port
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

 

[J65nko]

Use public key authentication as described in http://forums.freebsd.org/showthread.php?t=1508
After you set this up, you can save some typing by using a ~/.ssh/config configurations file

Host myserver
    Hostname xxxyyyzz.com
    User johndoe343
    Port 4022

With this you can login with $ ssh myserver instead of $ ssh -p 4022 [email=johndoe343@xxxyyyzz.com]johndoe343@xxxyyyzz.com[/email]

See ssh_config(5).

 

[wblock@]

Michael Lucas points out in SSH Mastery (recommended) that changing ports does not really improve security, it just quiets the logs. security/sshguard helps lock out the jerks.