hosts.allow ?

[Olivier Nicole]

> I'm not sure this is correct.  If you read sshd(8), you'll see in the
> FILES section that sshd will read /etc/hosts.allow and /etc/hosts.deny
> on its own (i.e. it's compiled/linked with libwrap).  Looking at
> /usr/src/crypto/openssh/Makefile.in for the sshd target verifies this.

That and sshd will re-read the file at each new connection or as soon
as the file is changed. You don't need any signal/restarting of sshd
to make the new wrapping policy effective.

Olivier