Off topic: Hacker

Brian Gaynor briang at pmccorp.com
Mon Aug 15 23:24:16 UTC 2005


On Tue, 2005-08-16 at 08:40 +1000, Michael D. Setzer II wrote:
> Is there an advantage to this over using /etc/hosts.allow and 
> /etc/hosts.deny?
> 
> I set up a hosts.allow with sshd: localip blocks and the hosts.deny 
> with sshd:ALL.
> 
> On our campus we have 4 Class C IP blocks, and I include my 
> home machine's IP, so I can access it from there, and now attempts 
> just show as refused, instead of the bad passwords.

No advantage; if you can use your whitelist, by all means do so. I can't
easily whitelist (users traveling, connecting where they can), so
instead I use iptables and denyhosts to dynamically blacklist. If you
have to leave ssh open and on the standard port, the dynamic blacklisting
is very effective.

-- 
Brian Gaynor
www.pmccorp.com
FC4/Linux on DELL Inspiron 5160 3.0Ghz 
canis 16:14:20 up 7 min, 1 
user, load average: 0.25, 0.50, 
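
An added illustration of the dynamic-blacklisting idea discussed in this message, not part of the original post and not DenyHosts' own code: it counts failed sshd password attempts per source address, skips addresses inside an allow list, and emits hosts.deny-style entries. The log lines, the threshold of 3 and the function name are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log lines (documentation address ranges, not real data).
SAMPLE_LOG = """\
Aug 15 23:01:10 canis sshd[2101]: Failed password for root from 203.0.113.7 port 4121 ssh2
Aug 15 23:01:12 canis sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 4122 ssh2
Aug 15 23:01:15 canis sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 4125 ssh2
Aug 15 23:02:40 canis sshd[2110]: Failed password for brian from 192.0.2.44 port 5133 ssh2
Aug 15 23:02:55 canis sshd[2110]: Accepted password for brian from 192.0.2.44 port 5133 ssh2
Aug 15 23:03:01 canis sshd[2115]: Failed password for root from 198.51.100.9 port 6001 ssh2
Aug 15 23:03:02 canis sshd[2115]: Failed password for root from 198.51.100.9 port 6002 ssh2
Aug 15 23:03:03 canis sshd[2115]: Failed password for root from 198.51.100.9 port 6003 ssh2
"""

# Anchored to the end of the line and greedy on the user field, so text inside
# the username cannot be mistaken for the source address sshd appended.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2\s*$"
)

def build_deny_entries(log_text, allow_cidrs, threshold=3):
    """Return sorted 'sshd: <ip>' entries for sources at or over the threshold."""
    allow_nets = [ipaddress.ip_network(c) for c in allow_cidrs]
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # address field is not an IP literal: ignore the line
        if any(addr in net for net in allow_nets):
            continue  # allow-listed networks are never blacklisted
        failures[str(addr)] += 1
    return sorted(f"sshd: {ip}" for ip, n in failures.items() if n >= threshold)

if __name__ == "__main__":
    # Assumption: 198.51.100.0/24 stands in for a trusted block such as a campus range.
    print("\n".join(build_deny_entries(SAMPLE_LOG, ["198.51.100.0/24"])))
```

The single failure from 192.0.2.44 stays under the threshold, which is the case of a legitimate user mistyping a password before logging in.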




