[Mageia-discuss] Setting up a port forward
Deri James
deri at chuzzlewit.myzen.co.uk
Sat Sep 1 00:16:27 CEST 2012
On Friday 31 Aug 2012 22:42:26 Thomas Backlund wrote:
> Why not simply have sshd listen on 2 ports and skip the need for port
> forwarding?
>
>
> Just uncomment the "Port 22" line in /etc/ssh/sshd_config
> and add a second line with the second port
>
> so it would look like
>
> Port 22
> Port 5122
>
> and restart sshd
>
> with this all access that expects port 22 will continue to work,
> and you can also access it through the new 5122 port.
>
> Simple and effective, and no port forwarding needed.
>
> --
> Thomas
And add 5122/tcp to the "Advanced" tab in MCC -> Security -> Personal Firewall
(if you are using a personal firewall).
If the server is accessible from the internet, I would recommend some further
changes to sshd_config. This is what I use (assuming this is a server for
personal use, not with hundreds of users connecting):-
=================================================
LoginGraceTime 120
PermitRootLogin no
TCPKeepAlive yes
AllowUsers ->your user name here<-
MaxStartups 2:90:4
==================================================
The "MaxStartups" parameter deters the script kiddies trying to guess the
password:-
MaxStartups
========
Specifies the maximum number of concurrent unauthenticated connections to the
SSH daemon. Additional connections will be dropped until authentication
succeeds or the LoginGraceTime expires for a connection. The default is 10.
Alternatively, random early drop can be enabled by specifying the three colon
separated values “start:rate:full” (e.g. "10:30:60"). sshd(8) will refuse
connection attempts with a probability of “rate/100” (30%) if there are
currently “start” (10) unauthenticated connections. The probability increases
linearly and all connection attempts are refused if the number of
unauthenticated connections reaches “full” (60).
Cheers
Deri
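
Added example, not part of the original message and not OpenSSH code: a Python script that reads the MaxStartups value from a config and computes, following the man-page text quoted above, what share of new connection attempts is refused at each count of unauthenticated connections. The sample config, the user name "exampleuser", the function names and the sanity checks are assumptions made for illustration; percentages are rounded down.

```python
import re

# Constructed sample: settings from the message above, with a placeholder user.
SAMPLE_CONFIG = """\
AllowUsers exampleuser
MaxStartups 2:90:4
"""


def parse_max_startups(config_text):
    """Return (start, rate, full) from the first MaxStartups line, or None."""
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) != 2 or fields[0].lower() != "maxstartups":
            continue
        if fields[1].isdecimal():
            # Single number: a hard cap, nothing is refused below it.
            return int(fields[1]), 100, int(fields[1])
        m = re.fullmatch(r"(\d+):(\d+):(\d+)", fields[1])
        if not m:
            raise ValueError("bad MaxStartups value: " + fields[1])
        start, rate, full = map(int, m.groups())
        # Sanity checks chosen for this example.
        if start > full or not 1 <= rate <= 100:
            raise ValueError("inconsistent MaxStartups value: " + fields[1])
        return start, rate, full
    return None


def refusal_percent(unauthenticated, start, rate, full):
    """Chance, in percent, that a new connection attempt is refused."""
    if unauthenticated < start:
        return 0
    if unauthenticated >= full:
        return 100
    # Linear rise from rate% at `start` to 100% at `full`.
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)


def refusal_table(config_text, up_to):
    spec = parse_max_startups(config_text)
    if spec is None:
        raise ValueError("no MaxStartups line found")
    return [(n, refusal_percent(n, *spec)) for n in range(up_to + 1)]


if __name__ == "__main__":
    for n, pct in refusal_table(SAMPLE_CONFIG, 5):
        print(f"{n} unauthenticated: {pct}% of new attempts refused")
```

With "2:90:4", nothing is refused until two connections are waiting to authenticate; from the fourth onward every new attempt is refused until one of them logs in or its LoginGraceTime runs out.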