2016-04-05T08:29:48+05:30
Equivocation: ambiguity or uncertainty of meaning in words; misapprehension arising from the ambiguity of terms; the using of a word or phrase in more than one sense. (OED)

The equivocation web site is primarily a set of personal notes about software, techniques, and other topics I find interesting or useful. Why is it called "equivocation"? Because descriptions of software and computer-related techniques easily succumb to equivocation. I will endeavour to avoid this (although I don't promise to succeed).

Recent entries
SELinux and alternative ssh ports
Sat, 07 Jun 2008
It is quite common, and can be very effective, to use alternative (non-standard) ssh ports to avoid port scans. Normally ssh listens for incoming connections on port 22. As this is its published port number, it is easy for people and software to connect to this port and try random or typical user names and passwords (e.g. the "root" user with password "password"). To make this more difficult, ssh can be set up to listen on a non-standard port so that only those who know which port it is can connect quickly and easily. This technique is one I have used successfully for many years. With the release of Fedora 9 and the expansion of its SELinux policy, getting ssh to listen on alternative ports requires an additional step.

The general approach to setting up an alternative port is simply to change or add a "Port" option in the sshd configuration file (usually /etc/ssh/sshd_config) and make appropriate changes to the firewall configuration. In Fedora 9 the ssh daemon is more fully confined by the default targeted SELinux policy. In particular, the ssh daemon (called sshd) is only able to bind to ports labelled with the ssh_port_t security type. You can see the SELinux policy labelling of ports using the SELinux command:
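An added example, not taken from the original post: `semanage port -l` lists the SELinux port labels and `semanage port -a -t ssh_port_t -p tcp PORT` labels a new port, and the script below compares the `Port` directives in an sshd configuration with that listing and prints the labelling command for each port sshd would be denied. The sample configuration, the sample listing and port 2222 are constructed for illustration.

```shell
#!/bin/sh
# Added example: find sshd ports that lack the ssh_port_t SELinux label.

# Constructed sample of /etc/ssh/sshd_config (port 2222 is an assumption).
SAMPLE_SSHD_CONFIG='#Port 22
Port 22
Port 2222
PermitRootLogin no'

# Constructed sample of `semanage port -l` output.
SAMPLE_PORT_LIST='smtp_port_t                    tcp      25, 465, 587
ssh_port_t                     tcp      22
syslogd_port_t                 udp      514'

# Print the ports named by active (uncommented) Port directives.
# sshd_config keywords are case-insensitive, hence tolower().
configured_ports() {
    printf '%s\n' "$1" | awk 'tolower($1) == "port" { print $2 }'
}

# Succeed if tcp port $1 is labelled ssh_port_t in listing $2.
# Entries may be single ports or ranges such as 2220-2230.
port_is_labelled() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                gsub(",", "", $i)
                n = split($i, r, "-")
                lo = r[1]; hi = (n == 2) ? r[2] : r[1]
                if (p + 0 >= lo + 0 && p + 0 <= hi + 0) found = 1
            }
        }
        END { exit !found }'
}

# For each configured port without the label, print the command that adds it.
missing_label_commands() {
    for port in $(configured_ports "$1"); do
        if ! port_is_labelled "$port" "$2"; then
            echo "semanage port -a -t ssh_port_t -p tcp $port"
        fi
    done
}

# Live use: missing_label_commands "$(cat /etc/ssh/sshd_config)" "$(semanage port -l)"
missing_label_commands "$SAMPLE_SSHD_CONFIG" "$SAMPLE_PORT_LIST"
```

Run the printed `semanage` command as root and then restart sshd so that it can bind to the newly labelled port.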