Am 16.07.2011 21:51, schrieb Peggy Wilkins:
> I have nothing to say against iptables and other full firewall
> solutions.  However, for my part running a number of desktops for
> other people at work with only sshd as a service, tcp wrappers plus
> denyhosts (plus disabling password authentication for good measure)
> already does exactly what I want.  Performance doesn't enter into this
> issue for us, we have so many spare CPU cycles it's comical.

If you don't enable password authentication, restricting access to the
ssh server on a per-host basis is completely unnecessary.

Anyway, sshd can be configured to deny connections depending on the
host, you don't need tcp_wrappers for that. It would require actually
reading a manpage though.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to