I use nonstandard ports for just about everything, such as Docker containers, including ssh. However, modern bots are quite capable of scanning your server for vulnerabilities, CVEs, zero days, and SSH. A non-standard SSH port does reduce noise a bit but isn’t a reliable defense against scanners.
Comment on Notes on full disk encryption on a Hetzner cloud VPS
john_t@piefed.ee 1 month ago
Am I the only one using a random 5-digit port for ssh? Why use the default port 22? It’s just saving time for an attacker.
irmadlad@lemmy.world 1 month ago
ShortN0te@lemmy.ml 1 month ago
The whole port range can be scanned in under a second. A real attack does not care if your ssh port is 22 or 69420. Changing the port is just snake oil.
ralakus@lemmy.world 1 month ago
They might care if it’s 69420 since the max port number is 2^16 = 65536
frongt@lemmy.zip 1 month ago
It can be scanned, but definitely not under a second.
ShortN0te@lemmy.ml 1 month ago
Yes, it is called multithreading. Just one example: github.com/BrandonBerne/masscan
frongt@lemmy.zip 1 month ago
You can fire packets as fast as you like, but if my end can’t process them that fast, either they’ll get dropped or you’ll knock me offline. Neither makes a valid scan.
tburkhol@lemmy.world 1 month ago
To me, the nonstandard port is mostly nice for reducing log spam from scripts. The risk is that using a nonstandard port lulls one into a false sense of security and into overlooking good sshd practices. Good sshd practices will prevent the script-kiddies just as well as the non-standard port, while a non-standard port will not challenge a targeted attack. And, if you interact with multiple servers, it can be inconvenient to remember a different port for each one.
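As an added example (not from any commenter in the thread), the script below audits an sshd configuration for the kind of settings the last comment calls "good sshd practices" and reports the listening port purely as information, since moving the port is not counted as a control. Which settings count as hardened (key-only auth, no root login, no password or keyboard-interactive auth, no empty passwords) is this example's assumption; the input format is the lowercase "key value" form that `sshd -T` prints, and the two sample configs are constructed.

```shell
#!/bin/sh
# audit_sshd_config FILE
# Reads sshd settings in "sshd -T" style (one "key value" per line, case-insensitive)
# and prints the settings that weaken key-only, no-root SSH access.
# Returns the number of weak or missing settings (0 = hardened).
audit_sshd_config() {
    file=$1
    weak=0
    # Hardened values assumed for this example; not taken from the thread.
    for pair in \
        "passwordauthentication no" \
        "permitrootlogin no" \
        "pubkeyauthentication yes" \
        "kbdinteractiveauthentication no" \
        "permitemptypasswords no"
    do
        key=${pair%% *}
        want=${pair#* }
        got=$(awk -v k="$key" 'tolower($1)==k {print tolower($2); exit}' "$file")
        if [ -z "$got" ]; then
            echo "MISSING $key (want $want)"
            weak=$((weak + 1))
        elif [ "$got" != "$want" ]; then
            echo "WEAK    $key=$got (want $want)"
            weak=$((weak + 1))
        fi
    done
    # The port is reported but never counted: a non-default port only trims log noise.
    port=$(awk 'tolower($1)=="port" {print $2; exit}' "$file")
    echo "INFO    port=${port:-22} (not a security control)"
    return $weak
}

# Constructed samples: a default-like config on port 22 and a hardened one on 2222.
WEAK_CFG=$(mktemp); HARD_CFG=$(mktemp)
cat >"$WEAK_CFG" <<'EOF'
port 22
permitrootlogin yes
passwordauthentication yes
pubkeyauthentication yes
kbdinteractiveauthentication yes
permitemptypasswords no
EOF
cat >"$HARD_CFG" <<'EOF'
port 2222
permitrootlogin no
passwordauthentication no
pubkeyauthentication yes
kbdinteractiveauthentication no
permitemptypasswords no
EOF
echo "== weak =="; audit_sshd_config "$WEAK_CFG"; echo "weak settings: $?"
echo "== hardened =="; audit_sshd_config "$HARD_CFG"; echo "weak settings: $?"
```

On a live host, feed it `sshd -T` output (e.g. `sshd -T > /tmp/effective.conf`) rather than the raw sshd_config, so that Match blocks and defaults are already resolved.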