[svlug] deny ssh

David Masten dmasten at piratelabs.org
Tue Nov 27 11:35:02 PST 2001

On Tue, 2001-11-27 at 09:28, Robert Khachikyan wrote:
> or just put ipchains and deny the ip to port 22(ssh).

This is very ugly. It works, but it is just a *Bad Thing* (unless
ipchains is already running). This adds additional processing for every
IP packet. For a typical home machine with DSL or Cable networking, it
is no big deal, for any type of network intensive or CPU intensive
machine, it is a very big deal.

Recompiling the sshd to include the tcp-wrappers option is the best way.

More information about the svlug mailing list