
andrewcooke

7 months ago

in Security and Obscurity: Does Changing Your SSH Port Lower Your Risk? on danielmiessler.com | grep understanding

i used to do this, but switched to using knockd instead.


one reason i switched is that it wasn't always easy to persuade other software to use the new port. even sftp requires quite an ugly syntax to pass the parameter down to the ssh layer.


the other reason was that my isp started "traffic shaping". that means that data transfer using non-standard ports had limited bandwidth.


neither of those is a very powerful argument (and i've since changed providers - from vtr to telefonica chile - to avoid the traffic shaping) and knockd is itself a bit frustrating to use if you don't have the client handy (you can trigger it using telnet, but it's hit and miss).


even so, you might consider it... http://www.portknocking.org/

ps also, of course, it can protect other protocols too.

1 reply
DAH sftp respects ~/.ssh/config; you only have to put the non-standard port in that file, and ssh, sftp, etc will use it.

man ssh_config.
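
An added example, not part of either comment: a simplified Python model of how a per-host `Port` in `~/.ssh/config` is resolved for ssh and sftp alike, including the first-match-wins rule that decides whether the non-standard port is actually used. The host names and port 2222 are constructed placeholders, and the model assumes whitespace-separated keywords and ignores `Match` and `Include`.

```python
import fnmatch

# Constructed sample config; host names and port 2222 are placeholders.
SAMPLE_CONFIG = """\
# host-specific entries first: the first value obtained for a keyword wins
Host home
    HostName home.example.org
    Port 2222

Host *.example.org !legacy.example.org
    Port 2222

Host *
    Port 22
"""

def host_matches(patterns, host):
    """A Host line applies if some pattern matches and no '!' pattern does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False          # a negated match vetoes the whole line
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def resolve(config_text, host):
    """Return the options that would apply to `host` (simplified model)."""
    options, active = {}, True        # lines before the first Host apply to all
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            active = host_matches(value.split(), host)
        elif active:
            options.setdefault(keyword, value)   # first obtained value wins
    options.setdefault("port", "22")             # OpenSSH default port
    return options

def port_for(host, config_text=SAMPLE_CONFIG):
    return int(resolve(config_text, host)["port"])
```

If `Host *` with `Port 22` is placed above the host-specific block, the default wins and clients keep connecting to port 22.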

1 year ago

in Gambit-C namespaces on Phil Dawes' Stuff
thanks for posting this!