Google Cloud Compute With PEM File


If you’ve blocked access to the sshd port for all but whitelisted IPs, there’s little point in moving sshd to a nonstandard port. If you want defense in depth, use the cloud firewall, the host firewall, and something like sshguard, and just leave sshd on port 22.

–keith

2 thoughts on - Google Cloud Compute With PEM File

  • That’s not the point. If you bind to a port > 1024, then if your non-root account is compromised (or some other non-root account), then it can start up a trojaned sshd on that port.

    As others have said, might as well keep it on port 22, and just block connections from any network but what you trust. Make sure you keep your packages up to date and run SELinux enabled.


    Jonathan Billings
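
The privileged-port point made in the reply above can be checked mechanically. The following is an added example, not code from the thread: it lists the ports an sshd_config makes sshd listen on and flags those a non-root account could also bind, assuming the Linux default boundary of 1024; the function names and sample configs are constructed for illustration.

```python
import re

# Assumption: Linux default, where binding below this port needs root or
# CAP_NET_BIND_SERVICE (sysctl net.ipv4.ip_unprivileged_port_start).
UNPRIVILEGED_PORT_START = 1024

# Constructed sample configs, not taken from the thread.
SAMPLE_MOVED = """\
# sshd moved off the default port
Port 22
Port 2222            # extra high port
ListenAddress 0.0.0.0
ListenAddress [::]:8022
"""
SAMPLE_DEFAULT = "#Port 22\nPermitRootLogin no\n"

def sshd_listen_ports(config_text):
    """Ports sshd would listen on for this config (Include files not followed)."""
    ports, explicit, bare_listen, saw_listen = set(), set(), False, False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2 or not parts[1].strip():
            continue
        key, value = parts[0].lower(), parts[1].split()[0].strip('"')
        if key == "match":
            break  # Port and ListenAddress are global-only directives
        if key == "port" and value.isdigit():
            ports.add(int(value))
        elif key == "listenaddress":
            saw_listen = True
            # host:port or [ipv6]:port carries its own port; a bare host or
            # bare IPv6 address falls back to the Port directives.
            m = re.fullmatch(r"\[[^\]]+\]:(\d+)|[^:\[\]]+:(\d+)", value)
            if m:
                explicit.add(int(m.group(1) or m.group(2)))
            else:
                bare_listen = True
    if bare_listen or not saw_listen:
        explicit |= ports or {22}  # sshd defaults to port 22
    return explicit

def unprivileged_sshd_ports(config_text, boundary=UNPRIVILEGED_PORT_START):
    """Listening ports that any local non-root account could also bind."""
    return sorted(p for p in sshd_listen_ports(config_text) if p >= boundary)

if __name__ == "__main__":
    for name, cfg in (("moved", SAMPLE_MOVED), ("default", SAMPLE_DEFAULT)):
        print(name, unprivileged_sshd_ports(cfg) or "privileged ports only")
```

An empty result means every sshd listener sits on a port that only root (or a process with CAP_NET_BIND_SERVICE) can bind.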