Limiting login SSH attempts?

Jason Stephenson jason at sigio.com
Sun Aug 29 19:51:01 EDT 2004


Bill McGonigle wrote:
> On Aug 29, 2004, at 19:07, John Feole wrote:
> 
>> What about using TCPWrappers and the /etc/hosts.allow, /etc/hosts.deny 
>> functionality?
> 
> 
> I only know about the attack/host-ip after the fact so I can't just add 
> it to the hosts.deny.  Does TCPWrappers have some stateful rules?

If you know that legitimate ssh connections will only be coming from a 
certain range of IPs, then you can deny everything but what is in your 
hosts.allow. You don't have to worry about denying any specific IPs, 
since you deny everything but what is specifically allowed.
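
A simplified model of how tcp_wrappers evaluates hosts.allow and hosts.deny for the allow-list approach described above, added here as an example and not part of the original message. The rule text and the 192.0.2.0/24 range are constructed, and only a subset of the hosts_access(5) pattern syntax (IPv4 clients) is modelled.

```python
import ipaddress

# Constructed sample rules; 192.0.2.0/24 is a documentation range standing in
# for the "certain range of IPs" that legitimate ssh logins come from.
HOSTS_ALLOW = "sshd: 192.0.2.0/255.255.255.0\n"
HOSTS_DENY = "sshd: ALL\n"


def _client_matches(pattern, addr):
    """Match one client pattern (subset of hosts_access(5)) against an IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # address prefix form, e.g. "192.0.2."
        return addr.startswith(pattern)
    if "/" in pattern:                   # net/mask form, e.g. 192.0.2.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern == addr               # literal address


def _rules_match(rules, daemon, addr):
    """True if any 'daemon_list : client_list' line matches the (daemon, client) pair."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = (part.strip() for part in line.split(":")[:2])
        daemon_list = daemons.replace(",", " ").split()
        client_list = clients.replace(",", " ").split()
        if (daemon in daemon_list or "ALL" in daemon_list) and any(
            _client_matches(p, addr) for p in client_list
        ):
            return True
    return False


def access_granted(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Evaluation order of tcp_wrappers: allow file, then deny file, else grant."""
    if _rules_match(allow, daemon, addr):
        return True
    if _rules_match(deny, daemon, addr):
        return False
    return True                          # no match in either file means access is granted
```

The last branch is the part to watch: an entry in hosts.allow restricts nothing by itself, so the `sshd: ALL` line in hosts.deny is what turns the allow list into a default deny.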


