Friday, August 20, 2010

SSH client config

For Internet-connected hosts, running SSH on a different port is a really good idea since it cuts down the noise of authentication attempts from bots looking for weak passwords. Running on a different port is not a substitute for a secure configuration (i.e. no root login, key-only auth); it is purely useful in cutting down log noise.

Unfortunately you have to remember which port you chose :) To minimise the hassle you should add entries in your client /etc/ssh/ssh_config:
Host nickname
    Port 43210
    HostName mysshserver
    User myuser
Now you can use "ssh nickname" and ssh will translate that to:
ssh -p 43210 myuser@mysshserver
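
The lookup described above, modelled as an added example (not code from the original post or from OpenSSH): a simplified Python resolver that applies ssh_config's rule that the first value obtained for each keyword wins. The `Host *` block, `fallbackuser` and the function names are assumptions for illustration, and it goes beyond the post's single entry by handling wildcard and negated patterns; `Match`, `Include` and `key=value` syntax are not handled.

```python
import fnmatch

# Constructed sample: the post's entry plus a hypothetical catch-all block.
SAMPLE_CONFIG = """\
Host nickname
    Port 43210
    HostName mysshserver
    User myuser

Host *
    Port 22
    User fallbackuser
"""


def resolve(config_text, target):
    """Return the effective options for `target`; first value per keyword wins."""
    options = {}
    active = True  # options before any Host line apply to every host
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            patterns = value.split()
            # A matching negated pattern (!pat) vetoes the whole Host line.
            vetoed = any(p.startswith("!") and fnmatch.fnmatchcase(target, p[1:])
                         for p in patterns)
            matched = any(not p.startswith("!") and fnmatch.fnmatchcase(target, p)
                          for p in patterns)
            active = matched and not vetoed
        elif keyword == "match":
            active = False  # Match blocks are skipped in this simplified model
        elif active:
            options.setdefault(keyword, value)  # later values never override
    return options


def equivalent_command(config_text, target):
    """Build the explicit ssh command line that `ssh target` corresponds to."""
    opts = resolve(config_text, target)
    host = opts.get("hostname", target)
    cmd = ["ssh"]
    if "port" in opts:
        cmd += ["-p", opts["port"]]
    cmd.append(f"{opts['user']}@{host}" if "user" in opts else host)
    return " ".join(cmd)
```

Because the first value wins, a catch-all `Host *` block belongs at the end of the file; placed before the nickname entry, its `Port` would take precedence over the custom port.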
