I use nonstandard ports for just about everything such as Docker containers, including ssh. However, modern bots are quite capable of scanning your server for vulnerabilities, CVE, zero day, and SSH. A nonstandard SSH port does reduce noise a bit but isn’t a reliable defense against scanners.
Comment on Notes on full disk encryption on a Hetzner cloud VPS
john_t@piefed.ee 3 weeks ago
Am I the only one using a random 5 digit port for ssh? Why use the default port 22? It’s just saving time for an attacker.
irmadlad@lemmy.world 3 weeks ago
ShortN0te@lemmy.ml 3 weeks ago
The whole port range can be scanned in under a second. A real attack does not care if your ssh port is 22 or 69420. Changing the port is just snake oil.
ralakus@lemmy.world 2 weeks ago
They might care if it’s 69420 since the max port number is 2^16 = 65536
frongt@lemmy.zip 3 weeks ago
It can be scanned, but definitely not under a second.
ShortN0te@lemmy.ml 3 weeks ago
Yes, it is called multithreading. Just one example: github.com/BrandonBerne/masscan
frongt@lemmy.zip 2 weeks ago
You can fire packets as fast as you like, but if my end can’t process them that fast, either they’ll get dropped or you’ll knock me offline. Neither makes a valid scan.
tburkhol@lemmy.world 3 weeks ago
To me, the nonstandard port is mostly nice for reducing log spam from scripts. The risk is that using a nonstandard port lulls one into a false sense of security and into overlooking good sshd practices. Good sshd practices will prevent the script-kiddies just as well as the non-standard port, while a non-standard port will not challenge a targeted attack. And, if you interact with multiple servers, it can be inconvenient to remember a different port for each one.
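As an added example (not from any commenter in the thread), here is a POSIX sh audit of the settings tburkhol's "good sshd practices" refer to, taken from the effective configuration that `sshd -T` prints; the port is reported as information only, since the thread's consensus is that it reduces noise but is not a security control. The `sshd -T` output is replaced by a constructed sample, and the threshold of MaxAuthTries 3 is my own assumption.

```shell
#!/bin/sh
# Constructed stand-in for `sshd -T` output (run as root on a real host).
SAMPLE_SSHD_T='port 48213
permitrootlogin yes
passwordauthentication yes
pubkeyauthentication yes
maxauthtries 6
kbdinteractiveauthentication no'

# audit_sshd: reads "key value" lines (sshd -T style) on stdin, prints one
# line per weak setting and returns the number of weak settings found.
audit_sshd() {
    findings=0
    while read -r key value; do
        case "$key" in
            port)
                # A non-default port only cuts log spam; never counted as a finding.
                if [ "$value" = "22" ]; then
                    echo "info: default port 22 (expect more log noise)"
                else
                    echo "info: port $value (reduces noise, not a security control)"
                fi ;;
            permitrootlogin)
                [ "$value" = "no" ] || { echo "weak: PermitRootLogin $value (set no)"; findings=$((findings + 1)); } ;;
            passwordauthentication)
                [ "$value" = "no" ] || { echo "weak: PasswordAuthentication $value (use keys only)"; findings=$((findings + 1)); } ;;
            pubkeyauthentication)
                [ "$value" = "yes" ] || { echo "weak: PubkeyAuthentication $value (enable key auth)"; findings=$((findings + 1)); } ;;
            maxauthtries)
                # Threshold of 3 is an assumption, not a value from the thread.
                [ "$value" -le 3 ] || { echo "weak: MaxAuthTries $value (lower to 3)"; findings=$((findings + 1)); } ;;
        esac
    done
    return "$findings"
}

# count_findings: runs audit_sshd on the given text and echoes the count.
count_findings() {
    count=0
    printf '%s\n' "$1" | audit_sshd >/dev/null || count=$?
    echo "$count"
}

# Stand-alone usage: print the findings for the constructed sample.
printf '%s\n' "$SAMPLE_SSHD_T" | audit_sshd || echo "weak settings: $?"
```

On a real host, replace the sample with `sshd -T | audit_sshd` so the check runs against the effective configuration rather than the file as written.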