[svlug] deny ssh
conover at rahul.net
Tue Nov 27 03:09:01 PST 2001
Depending on how anal you want to be, you can use tcpserver at:
which has an individual access control file for each service, and you
don't have to worry about hosts.* semantics anymore. Access
modifications do not require a program HUP. If you want to replace
will keep things running, with individual execution controls, (HUP,
etc.,) for each individual service-each of which are access logged.
Makes a secure system, with DoS robustness.
BTW, be advised that the license for ucspi and daemontools is open
source, but not GPL-but a lot of big sites have dropped inetd in favor
of it, (many running without a firewall-tcpserver being the only
access control; some access control files are huge.)
step1b at cyberspace.org writes:
> How do I deny ssh from a particular host ?
> I am using RH6.2.
> hosts.deny/allow worked on RH7.1 but not on 6.2.
John Conover Tel. 408.370.2688 conover at rahul.net
631 Lamont Ct. Fax. 408.379.9602 http://www.johncon.com/
Campbell, CA 95008 Cel. 408.772.7733
More information about the svlug