denying spam hosts ssh access - good idea?

David Southwell david at vizion2000.net
Mon Jan 11 14:08:47 UTC 2010


> I'm thinking of denying ssh access to hosts from which
> I get brute force ssh attacks.
> 
> However, I see in /etc/hosts.allow:
> 
> # Wrapping sshd(8) is not normally a good idea, but if you
> # need to do it, here's how
> #sshd : .evil.cracker.example.com : deny
> 
> Why is it not a good idea?
> 
> Also, apparently in older ssh there was a DenyHosts option,
> but no longer in the current version.
> Is there a replacement for DenyHosts?
> Or is there a good reason for such option not to be used?
> 
> many thanks
> anton
> 
I use denyhosts (/usr/ports/security/denyhosts); it works well for me. I also
use blackhole and sshguard.

david

