Off topic: Hacker
Brian Gaynor
briang at pmccorp.com
Mon Aug 15 23:24:16 UTC 2005
On Tue, 2005-08-16 at 08:40 +1000, Michael D. Setzer II wrote:
> Is there an advantage to this over using /etc/hosts.allow and
> /etc/hosts.deny?
>
> I set up a hosts.allow with sshd: localip blocks and the hosts.deny
> with sshd:ALL.
>
> On our campus we have 4 Class C IP blocks, and I include my
> home machine's IP, so I can access it from there, and now attempts
> just show as refused, instead of the bad passwords.
No advantage; if you can use your whitelist, by all means do so. I can't
easily whitelist (users traveling, connecting where they can), so
instead I use iptables and denyhosts to dynamically blacklist. If you
have to leave ssh open and on the standard port the dynamic blacklisting
is very effective.
--
Brian Gaynor
www.pmccorp.com
FC4/Linux on DELL Inspiron 5160 3.0Ghz
canis 16:14:20 up 7 min, 1
user, load average: 0.25, 0.50,
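
Added example, not part of the original message and not denyhosts' own code: a minimal sketch of the dynamic blacklisting described in the reply, with an allowlist of trusted networks as in the quoted setup. The log lines, addresses, the `deny_entries` name and the threshold of 3 are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sshd log lines using documentation address ranges (not real data).
SAMPLE_LOG = """\
Aug 15 23:01:02 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40211 ssh2
Aug 15 23:01:04 host1 sshd[2103]: Failed password for root from 203.0.113.7 port 40215 ssh2
Aug 15 23:01:07 host1 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40220 ssh2
Aug 15 23:02:11 host1 sshd[2110]: Failed password for brian from 198.51.100.23 port 51000 ssh2
Aug 15 23:02:30 host1 sshd[2112]: Accepted password for brian from 198.51.100.23 port 51002 ssh2
Aug 15 23:03:00 host1 sshd[2120]: Failed password for root from 192.0.2.50 port 33000 ssh2
Aug 15 23:03:02 host1 sshd[2121]: Failed password for root from 192.0.2.50 port 33001 ssh2
Aug 15 23:03:05 host1 sshd[2122]: Failed password for root from 192.0.2.50 port 33002 ssh2
"""

# The username field is text supplied by the remote side, so the pattern is
# anchored at end of line and the greedy ".*" consumes the username: the
# address captured is always the one sshd itself appended.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\S+) port \d+ ssh2\s*$"
)


def deny_entries(log_text, allow_nets=(), threshold=3):
    """Return hosts.deny lines for sources with >= threshold failed logins."""
    nets = [ipaddress.ip_network(n) for n in allow_nets]
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not a literal address; this sketch skips hostnames
        if any(ip in net for net in nets):
            continue  # never blacklist an allowlisted network
        failures[str(ip)] += 1
    # Counter keeps first-seen order, so output order follows the log.
    return [f"sshd: {ip}" for ip, n in failures.items() if n >= threshold]


if __name__ == "__main__":
    # 192.0.2.0/24 stands in for a trusted block such as a campus network.
    print("\n".join(deny_entries(SAMPLE_LOG, allow_nets=["192.0.2.0/24"])))
```

The single mistyped password from 198.51.100.23 stays under the threshold, which is what lets travelling users keep access while repeated guessers are dropped.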