
Note that the root restriction isn’t strictly true any more: for example, on Linux you could grant the CAP_NET_BIND_SERVICE capability to a process and run it as a non-root user. If you have network services running as root just to be able to bind a low port, you could avoid that.

In the case of sshd, of course, it would also need permission to start sessions as another user.
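An added example, not part of the comment above: a shell check that reads a process's `/proc/<pid>/status` and reports whether it runs as root or as a non-root user holding CAP_NET_BIND_SERVICE (capability number 10). The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Classify a process from the text of its /proc/<pid>/status file.
# CAP_NET_BIND_SERVICE is capability number 10 (linux/capability.h),
# so it is bit 10 (0x400) of the CapEff mask.
NET_BIND_BIT=10

# effective_uid FILE: the Uid: line holds real, effective, saved, fs uids.
effective_uid() {
    awk '$1 == "Uid:" { print $3 }' "$1"
}

# has_net_bind FILE: succeed if the effective set contains bit 10.
has_net_bind() {
    capeff=$(awk '$1 == "CapEff:" { print $2 }' "$1")
    [ -n "$capeff" ] || return 2
    [ $(( (0x$capeff >> NET_BIND_BIT) & 1 )) -eq 1 ]
}

# classify FILE: print root | nonroot+net_bind | nonroot
classify() {
    if [ "$(effective_uid "$1")" = "0" ]; then
        echo "root"              # candidate for a capability instead of root
    elif has_net_bind "$1"; then
        echo "nonroot+net_bind"  # can bind ports below 1024 without root
    else
        echo "nonroot"
    fi
}

# audit_live: classify every process on this host (Linux only).
audit_live() {
    for f in /proc/[0-9]*/status; do
        [ -r "$f" ] || continue
        printf '%s\t%s\t%s\n' "${f%/status}" "$(classify "$f")" \
            "$(awk '$1 == "Name:" { print $2 }' "$f")"
    done
}

# Constructed sample: a non-root service holding only CAP_NET_BIND_SERVICE.
sample=$(mktemp)
printf 'Name:\tnginx\nUid:\t33\t33\t33\t33\nCapEff:\t0000000000000400\n' > "$sample"
classify "$sample"
rm -f "$sample"
```

Calling `audit_live` on a Linux host lists every readable process with its classification, which makes root-owned network daemons easy to spot.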



I only do this for nginx serving content on http(s) ports, but of course technically, if my host got compromised, an attacker could do the same for the ssh port. But at this point (having root) he/she would not have to do this (I don't use passwords) and I would already be doomed :)



