16 Jul 2011, 10:58 p.m.
On 16.07.2011 21:51, Peggy Wilkins wrote:
I have nothing to say against iptables and other full firewall solutions. However, for my part running a number of desktops for other people at work with only sshd as a service, tcp wrappers plus denyhosts (plus disabling password authentication for good measure) already does exactly what I want. Performance doesn't enter into this issue for us, we have so many spare CPU cycles it's comical.
If you don't enable password authentication, restricting access to the ssh server on a per-host basis is completely unnecessary. Anyway, sshd can be configured to deny connections depending on the host, you don't need tcp_wrappers for that. It would require actually reading a manpage though.
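The two settings discussed in this exchange (password authentication disabled, and per-host restriction done in sshd itself rather than through tcp_wrappers) can be checked in an `sshd_config` with a short script. This is an added example, not part of the original messages; the sample configurations, user names and 192.0.2.x addresses are constructed, and only the global section before any `Match` block is examined.

```python
# Constructed sample configs (not from the thread); 192.0.2.0/24 is a documentation range.
HARDENED = """\
# key-only logins
PasswordAuthentication no
# host restriction inside sshd, no tcp_wrappers involved
AllowUsers alice@192.0.2.* bob@192.0.2.17
"""

WEAK = """\
AllowUsers alice bob@192.0.2.17
Match Address 192.0.2.0/24
    PasswordAuthentication no
"""


def global_settings(text):
    """Collect keyword -> list of argument lists from the section before any Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        if keyword.lower() == "match":
            break  # Match blocks are conditional overrides, not the global policy
        settings.setdefault(keyword.lower(), []).append(args)
    return settings


def audit(text):
    """Report whether passwords are off and whether every allowed user is tied to a host."""
    s = global_settings(text)
    # sshd uses the first value it reads for a keyword; the default here is "yes".
    first = s.get("passwordauthentication", [["yes"]])[0] or ["yes"]
    # AllowUsers lines accumulate; a pattern without @host admits that user from anywhere.
    patterns = [p for args in s.get("allowusers", []) for p in args]
    open_patterns = [p for p in patterns if "@" not in p]
    return {
        "password_auth_disabled": first[0].lower() == "no",
        "host_restricted": bool(patterns) and not open_patterns,
        "unrestricted_patterns": open_patterns,
    }


if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, audit(cfg))
```
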