[svlug] deny ssh

John Conover conover at rahul.net
Tue Nov 27 03:09:01 PST 2001


Depending on how anal you want to be, you can use tcpserver at:

    http://cr.yp.to/ucspi-tcp.html

which has an individual access control file for each service, and you
don't have to worry about hosts.* semantics anymore. Access
modifications do not require a program HUP. If you want to replace
inetd, then:

    http://cr.yp.to/daemontools.html

will keep things running, with individual execution controls (HUP,
etc.) for each individual service - each of which is access logged.

Makes a secure system, with DoS robustness.

        John

BTW, be advised that the license for ucspi and daemontools is open
source, but not GPL - but a lot of big sites have dropped inetd in favor
of it (many running without a firewall - tcpserver being the only
access control; some access control files are huge).

step1b at cyberspace.org writes:
> hi
> How do I deny ssh from a particular host ?
> I am using RH6.2.
> 
> hosts.deny/allow worked on RH7.1 but not on 6.2.
> 
-- 

John Conover        Tel. 408.370.2688  conover at rahul.net
631 Lamont Ct.      Fax. 408.379.9602  http://www.johncon.com/
Campbell, CA 95008  Cel. 408.772.7733  
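
Added example, not part of the original message and not code from the ucspi-tcp project: a per-service rules file for sshd that denies one host and allows everyone else, compiled with tcprules for use by tcpserver -x. The address 192.0.2.15, the file name tcp.ssh and the function names are constructed for illustration.

```shell
#!/bin/sh
# Per-service access control for sshd under tcpserver (added example).
# Constructed values: 192.0.2.15 (documentation address), tcp.ssh file name.

# Emit tcprules source: one deny line per blocked address, then a default allow.
# tcprules uses the most specific matching address, so a per-host deny line
# takes precedence over the catch-all ":allow". An argument may be a full
# address (192.0.2.15) or a prefix ending in a dot (198.51.100.).
ssh_rules() {
    for addr in "$@"; do
        case "$addr" in
            ""|*[!0-9.]*)
                # Refuse anything that is not digits and dots, so a typo
                # cannot end up as an unintended rule line.
                echo "skipping invalid address: $addr" >&2
                continue ;;
        esac
        printf '%s:deny\n' "$addr"
    done
    printf ':allow\n'
}

# Write the rules file and compile it to the cdb that tcpserver -x reads.
# tcprules builds the temp file and renames it into place, so a running
# tcpserver sees the new rules on the next connection, with no HUP.
build_ssh_cdb() {
    rules=$1; shift
    ssh_rules "$@" > "$rules"
    if command -v tcprules >/dev/null 2>&1; then
        tcprules "$rules.cdb" "$rules.tmp" < "$rules"
    else
        echo "tcprules not installed; wrote $rules only" >&2
    fi
}

# Typical use, as root (sshd -i is sshd's inetd mode):
#   build_ssh_cdb /etc/tcp.ssh 192.0.2.15
#   tcpserver -x /etc/tcp.ssh.cdb 0 22 /usr/sbin/sshd -i
```

The rules apply only to the service started with that cdb; other services run from their own tcpserver with their own file.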




