[j-nsp] Changing SSH port on EX switches, M routers

Stefan Fouant sfouant at shortestpathfirst.net
Sun Apr 3 17:02:42 EDT 2011


> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Chris Kawchuk
> Sent: Sunday, April 03, 2011 4:48 PM
> 
> P.S. the 'ssh' services port is defined in /etc/services. Unsure if you
> adjust the line, that it may move the listening port. Might be worth a
> try; but naturally this would be a Juniper-unsupported configuration
> and will probably be overwritten on a software upgrade. It may also
> affect your firewall filters in the [from] stanza. YMMV.

I'm surprised by how many people on this list still think that 'Security
through Obscurity' is an effective means of securing devices.  Nmap or any
other suitable scanner could isolate the SSH port in relatively no time at
all.

As a matter of practice I think that isolating the allowed IPs which might
avail of the SSH port or any other management service for that matter is a
much better overall solution.

Stefan Fouant, CISSP, JNCIEx2
www.shortestpathfirst.net
GPG Key ID: 0xB4C956EC
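
The approach recommended in the reply above, restricting which source addresses may reach SSH on the device, sketched as a Junos routing-engine filter. This is an added example, not configuration from the original post; the names MGMT-HOSTS and PROTECT-RE, the counter name, and the prefix 192.0.2.0/24 are constructed, and only IPv4 is covered.

```junos
/* Added example: constructed names and documentation prefix */
policy-options {
    prefix-list MGMT-HOSTS {
        192.0.2.0/24;
    }
}
firewall {
    family inet {
        filter PROTECT-RE {
            /* SSH is accepted only from the management prefixes */
            term ssh-allow {
                from {
                    source-prefix-list {
                        MGMT-HOSTS;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            /* Any other SSH to the routing engine is counted and dropped */
            term ssh-deny {
                from {
                    protocol tcp;
                    destination-port ssh;
                }
                then {
                    count ssh-denied;
                    discard;
                }
            }
            /* Other traffic is left untouched in this narrow example */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input PROTECT-RE;
                }
            }
        }
    }
}
```

Committing with `commit confirmed` lets the change roll back automatically if the filter cuts off your own session.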


