Am 16.07.2011 21:51, schrieb Peggy Wilkins: > I have nothing to say against iptables and other full firewall > solutions. However, for my part running a number of desktops for > other people at work with only sshd as a service, tcp wrappers plus > denyhosts (plus disabling password authentication for good measure) > already does exactly what I want. Performance doesn't enter into this > issue for us, we have so many spare CPU cycles it's comical.
If you don't enable password authentication, restricting access to the ssh server on a per-host basis is completely unnecessary. Anyway, sshd can be configured to deny connections depending on the host, you don't need tcp_wrappers for that. It would require actually reading a manpage though.
signature.asc
Description: OpenPGP digital signature
