denying spam hosts ssh access - good idea?
freebsd-questions-local at be-well.ilk.org
Mon Jan 11 16:15:59 UTC 2010
Anton Shterenlikht <mexas at bristol.ac.uk> writes:
> I'm very grateful for all advice, but I'm still unsure
> why denying ssh access to a particular host via /etc/hosts.allow
> is a bad idea.
As far as I recall, the reason the warning was added to the manual was
that it's fairly heavy on resources to implement that way (especially
back before the wrapper support was added to sshd; running it out of
inetd added quite a bit of lag). It is also liable to problems from the
idiosyncratic configuration syntax.
By and large, you'd be better off with a firewall, but hosts.allow will
certainly work if you want to do that.
Lowell Gilbert, embedded/networking software engineer, Boston area
More information about the freebsd-questions