denying spam hosts ssh access - good idea?

Anton Shterenlikht mexas at
Mon Jan 11 14:01:10 UTC 2010

I'm thinking of denying ssh access to host from which
I get brute force ssh attacks.

HOwever, I see in /etc/hosts.allow:

# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : : deny

Why is it not a good idea?

Also, apparently in older ssh there was DenyHosts option,
but no longer in the current version.
Is there a replacement for DenyHOsts?
Or is there a good reason for such option not to be used?

many thanks

Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423

More information about the freebsd-questions mailing list