this post was submitted on 03 Aug 2025
81 points (92.6% liked)

Selfhosted

[–] emhl@feddit.org 15 points 11 hours ago (14 children)

Running SSH on a non-privileged port brings new issues. And using 2222 doesn't bring any meaningful security by obscurity advantages.

The rest of the options look nice. It would have if there would be explanations on what the options do in the example configs.

[–] johannes@lemmy.jhjacobs.nl 9 points 10 hours ago (12 children)

Which issues are you referring to?

Using port 2222 may not prevent any real hackers from discovering it, but it sure does prevent a lot of them script kiddie attacks that use automated software.

[–] emhl@feddit.org 4 points 9 hours ago* (last edited 9 hours ago) (1 children)

Privileged ports can be used by processes that are running without root permissions. So if the sshd process would crash or stop for some other reason, any malicious user process could pretend to be the real ssh server without privilege escalation. To be fair, this isn't really a concern for single user systems. But setting up fail2ban or only making ssh accessible from a local network or VPN would probably be a more helpful hardening step.

And regarding port 2222, it is the most popular non-privileged port used for SSH according to shodan.io. So you ain't gaining much obscurity.

[–] Laser@feddit.org 3 points 7 hours ago

> Privileged ports can be used by processes that are running without root permissions.

I guess you mean unprivileged ports?

> So if the sshd process would crash or stop for some other reason, any malicious user process could pretend to be the real ssh server without privilege escalation.

Not really, except on the very first connection because you need access to the root-owned and otherwise inaccessible SSH host key, otherwise you'll get the message a lot of people have probably seen after they reinstalled a system (something like "SOMEONE MIGHT BE DOING SOMETHING VERY NASTY!").
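
The port-binding question discussed in this thread, as an added example that is not part of any comment above: a small audit that lists which ports in an sshd_config could be bound by a non-root process if sshd were not running. The function names and the sample config are constructed for illustration, and the 1024 threshold assumes the Linux default for `net.ipv4.ip_unprivileged_port_start`.

```python
import re
from pathlib import Path

SYSCTL = Path("/proc/sys/net/ipv4/ip_unprivileged_port_start")  # Linux only

# Constructed sshd_config fragment (sample input, not from the thread).
SAMPLE_CONFIG = """\
Port 2222
#Port 22
ListenAddress 192.0.2.10:22
ListenAddress [2001:db8::1]:2200
ListenAddress 0.0.0.0
PasswordAuthentication no
"""

def unprivileged_start(default=1024):
    """Lowest port bindable without root or CAP_NET_BIND_SERVICE."""
    try:
        return int(SYSCTL.read_text())
    except (OSError, ValueError):
        return default  # assumed default when the sysctl is unreadable

def explicit_port(addr):
    """Port from 'host:port' or '[addr]:port'; None for a bare address."""
    m = (re.fullmatch(r"\[[^\]]+\]:(\d+)", addr)
         or re.fullmatch(r"[^:\[\]]+:(\d+)", addr))
    return int(m.group(1)) if m else None

def listen_ports(config_text):
    """Ports sshd would listen on (simplified: ignores Include and Match)."""
    ports, addr_ports, bare_addr = [], [], False
    for raw in config_text.splitlines():
        fields = raw.split("#", 1)[0].replace("=", " ").split()
        if len(fields) < 2:
            continue
        key = fields[0].lower()
        if key == "port":
            ports.append(int(fields[1]))
        elif key == "listenaddress":
            port = explicit_port(fields[1])
            if port is None:
                bare_addr = True
            else:
                addr_ports.append(port)
    result = set(addr_ports)
    if bare_addr or not addr_ports:   # Port applies to addresses without one
        result.update(ports or [22])  # sshd defaults to port 22
    return result

def bindable_without_root(config_text, start=1024):
    """Configured ports a local user process could bind if sshd were down."""
    return sorted(p for p in listen_ports(config_text) if p >= start)
```

Calling `bindable_without_root(text, unprivileged_start())` on a real config uses the host's actual threshold; an empty list means every configured port needs root or CAP_NET_BIND_SERVICE to bind.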
