# ssh port forward alternatives?



## mrhobbeys (Jul 13, 2012)

I feel kind of silly for asking this but last time I had port forwarding setup I got tons of random attempts to login, and other strange traffic. So what alternative options do I have for connecting to my FreeBSD from the internet?


----------



## mrhobbeys (Jul 14, 2012)

Just as an update I used a nonstandard port and just had it forward to the proper 22. 

I am interested in knowing if their is a better way, this is the first time I am going to be actually administrating a machine exclusively (well as much as possible) from the internet, and I would like to get into the habit of using as many good practices as I can. On that note I have setup the users such that root has a long alpha numeric symbol password of 25 char. and the user I login with is part of the wheel group and has a alpha numeric symbol based password that is 23 char. I would be interested if anyone has some changes I might consider making.


----------



## Gio01 (Jul 14, 2012)

Please edit your ETC/sshd/sshd_config.conf 
The part : 


```
Port 22 <- your port
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
```


----------



## J65nko (Jul 14, 2012)

Use public key authentication as described in http://forums.freebsd.org/showthread.php?t=1508
After you set this up, you can save some typing by using a ~/.ssh/config configurations file


```
Host myserver
    Hostname xxxyyyzz.com
    User johndoe343
    Port 4022
```
With this you can login with `$ ssh myserver` instead of `$ ssh -p 4022 [email=johndoe343@xxxyyyzz.com]johndoe343@xxxyyyzz.com[/email]`

See ssh_config(5).


----------



## wblock@ (Jul 14, 2012)

Michael Lucas points out in _SSH Mastery_ (recommended) that changing ports does not really improve security, it just quiets the logs.  security/sshguard helps lock out the jerks.


----------

