[svlug] deny ssh

David Masten dmasten at piratelabs.org
Tue Nov 27 11:35:02 PST 2001


On Tue, 2001-11-27 at 09:28, Robert Khachikyan wrote:
> or just put ipchains and deny the ip to port 22(ssh).
> 
> 

This is very ugly. It works, but it is just a *Bad Thing* (unless
ipchains is already running). This adds additional processing for every
IP packet. For a typical home machine with DSL or Cable networking, it
is no big deal, for any type of network intensive or CPU intensive
machine, it is a very big deal.

Recompiling the sshd to include the tcp-wrappers option is the best way.
Dave




More information about the svlug mailing list