[Sussex] unauthorised ssh attempts

Dominic Clay dominic.clay at beddowsbooks.co.uk
Fri Aug 20 10:06:08 UTC 2004

I could be wrong here, but my understanding (and it was a while since I
looked at this) is that the original connection for any IP 'transaction'
will be on the standardised port (either specified by you or a defaulted
value) - ie port 22.  After this, the process will select another port to
communicate on.  I think this is essentially to free up the 'standard' port
for the next 'initial' client connection.

This means that much of the communication may be on other ports that
originally specified.

As I say this is just from memory and my brain has become a little addled
recently! It is very likely to be innacurate or just downright wrong, but it
might persuade someone who knows better to explain ;)

Can anybody correct me here?


> >> Can someone explain the significance of the port numbers?  I have port
> > 22
> >> open for ssh plus 25 and a couple for vnc, but everything else is
> > blocked
> >> at the firewall and yet my server seems to be rejecting login attempts
> > on
> >> other ports because of incorrect usernames and passwords.
> >>

More information about the Sussex mailing list