Edwin Dicker fedora at
Sat Feb 11 22:38:10 UTC 2006

Ashley M. Kirchner wrote:
>    I have SSH locked down (through hosts.deny/.allow) to only allow 
> known IPs to connect.  This was done to curb the rash of script kiddies 
> banging on it with dictionary attacks.  However, one of my users is on 
> DHCP which means every so often I need to change his entry in my 
> hosts.allow file.  Bit of a pain when I'm not in town or near a machine 
> to check e-mail.  So the question is: is there some way to solve this 
> problem?

I use daemonshield. It's a nice daemon which dynamically adds a iptables
rule to block incoming ssh bursts from a particular IP address.
After a while the rule will be automatically deleted.


More information about the users mailing list