lifergeek.social is one of the many independent Mastodon servers you can use to participate in the fediverse.

Administered by:

Server stats:

3
active users

Are you a unix person? Do you host your own SSH at home to access "stuff"? If so, what port do you use to get your session started?
3selfhost

@wesmason I disable password authentication, set inbound rules, only use SSH keys that are securely stored, disable root login, etc. That’s plenty for most people. Honestly, changing the default port is just security-through-obscurity.

@srfaudio @wesmason And yet, it is found to work. A high majority of the scanning is port-based, and therefore if you're on a different port, it will not be found by the stupid script kiddies. If someone truly competent wants to get in, they will be scanning in a different way, and obfuscation will not work. But how often are you targeted by anyone truly competent?

WesMason

@wpeckham @srfaudio
You're not wrong, but I'm not expecting the script kiddies to get in either. If anything, my myriad of other services on the same IP are a much more tasty and weaker target.

@wesmason @wpeckham right. I guess my main point is:

The context of the question was SSH at home. If the only way you can SSH in is with securely-stored keys, and only from specific IP's (i.e. TailScale/WireGuard), what am I really gaining by changing the port at that point?

Public-facing web server? Sure, change the port, as one of many other things you'll do to layer security. But that's largely just to cut down on some of the scan traffic.