denying spam hosts ssh access - good idea?

[Lowell Gilbert]

Anton Shterenlikht <mexas at bristol.ac.uk> writes:

> I'm very grateful for all advice, but I'm still unsure
> why denying ssh access to a particular host via /etc/hosts.allow
> is a bad idea.

As far as I recall, the reason the warning was added to the manual was
that it's fairly heavy on resources to implement that way (especially
back before the wrapper support was added to sshd; running it out of
inetd added quite a bit of lag).  It is also liable to problems from the
idiosyncratic configuration syntax.

By and large, you'd be better off with a firewall, but hosts.allow will
certainly work if you want to do that.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
		http://be-well.ilk.org/~lowell/