How do I change the SSH port on my IRLP Node?
Written by Administrator
Tuesday, 04 August 2009 07:33

Most IRLP Nodes run an OpenSSH server, which provides remote command shell access to them.  It is very handy and highly recommended due to its ease of use and secure implementation.  That being said, any remote access method introduces a certain amount of risk, even if the method used is considered "secure."  There are things we can do to decrease that risk.  One of them involves changing the default port on which the SSH server listens for connections.  Since this is very easy to accomplish and only takes a minute or so, it's a step I recommend to everyone who runs an SSH server.  The following steps will cause your server to stop listening for SSH connections on the default port (TCP port 22) and start listening on some other port of your choosing:

  1. Login to your IRLP Node and become root (directly login as root or su as necessary).
  2. Change to the SSH configuration files directory by doing "cd /etc/ssh" at the command prompt.
  3. Make a backup of the original sshd_config file by doing "cp sshd_config sshd_config_orig" at the command prompt.
  4. Open the sshd_config file in your text editor (use vim, pico, etc.) and find the line that starts with "Port" near the top of the file.  It may be commented out in some versions, in which case the server uses the default port of 22.  In any case the "Port" directive needs to be un-commented and have a number other than 22 after it (it must also be in the range 1-65535).  The number you specify will be the new port on which the server will listen for connections.  For example, if you wanted the SSH server to listen on port 2022, you would make sure the line reads:

     Port 2022

  5. Save the modified sshd_config file.
  6. Re-load the SSH server by doing "/etc/init.d/ssh reload" (it may be /etc/init.d/sshd or similar - just check for the init script within your /etc/init.d/ directory if you get a "file not found" type error).
  7. Once you have reloaded the SSH server, it will be listening on the new port.  Your current shell session over SSH will still be active (assuming you are doing this remotely over SSH) even though the server is now listening on the new port.  Once you close the current connection, no future connections will be accepted on the old default port.  To test it, simply logout and then try to log back in again over SSH.  Unless you tell your SSH client to connect to the new port, your connection attempt will be ignored by the SSH server.
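The editing part of the procedure above (backup, un-comment and rewrite the Port directive, reject bad values), as an added shell example that is not part of the original post.  It works on whatever file path you give it, so it can be tried on a constructed copy of sshd_config before touching the real one; the function names set_sshd_port and effective_port are my own.

```shell
#!/bin/sh
# Added example, not from the original post.
# set_sshd_port FILE PORT: back FILE up to FILE_orig, then rewrite the
# first "Port" line (commented or not) so it reads "Port PORT".  Any later
# duplicate Port lines are dropped; if there is none at all, one is appended.
set_sshd_port() {
    file="$1"
    port="$2"
    # The page's rule: a whole number in 1-65535, and not the default 22.
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ] || [ "$port" -eq 22 ]; then
        echo "port must be 1-65535 and not 22: $port" >&2; return 1
    fi
    # Same backup as step 3, and the source for the rewrite.
    cp "$file" "${file}_orig" || return 1
    awk -v p="$port" '
        /^[[:space:]]*#?[[:space:]]*Port[[:space:]]/ {
            if (!done) { print "Port " p; done = 1 }
            next
        }
        { print }
        END { if (!done) print "Port " p }
    ' "${file}_orig" > "$file"
}

# effective_port FILE: the port sshd would use from FILE, i.e. the first
# un-commented Port value, or 22 when the directive is absent/commented out.
effective_port() {
    p=$(awk '/^[[:space:]]*Port[[:space:]]/ { print $2; exit }' "$1")
    echo "${p:-22}"
}
```

On a real node, follow it with "sshd -t" to syntax-check the result and then the reload from step 6; the backup at sshd_config_orig lets you revert if the check fails.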


There are some other things you may want to add to your SSH server's config file which will enhance connection robustness and increase performance over slow and/or latent connections.  I *always* add the following lines to my sshd_config file on all my nodes and servers:

# compress data over connection
Compression yes

# keep connection alive
ClientAliveInterval 60

The first one enables data compression.  There's never a reason not to run compression: the CPU overhead is minimal and the gain in data transfer performance is large, so the choice should be obvious!  I don't know why it's not the default - maybe it is...

The second one helps keep the session from closing due to periods of inactivity: with ClientAliveInterval 60, the server sends a keepalive message to the client after every 60 seconds without traffic.  I don't want the connection to close until I'm ready to close it.  This helps in that regard.

These simple steps should increase performance and will effectively hide your SSH server from the mindless SSH scanner scripts that are constantly being run across the 'Net probing the default port for possible targets.

Last Updated on Friday, 20 August 2010 09:59