denying spam hosts ssh access - good idea?

Lowell Gilbert freebsd-questions-local at
Mon Jan 11 16:15:59 UTC 2010

Anton Shterenlikht <mexas at> writes:

> I'm very grateful for all advice, but I'm still unsure
> why denying ssh access to a particular host via /etc/hosts.allow
> is a bad idea.

As far as I recall, the reason the warning was added to the manual was
that it's fairly heavy on resources to implement that way (especially
back before the wrapper support was added to sshd; running it out of
inetd added quite a bit of lag).  It is also liable to problems from the
idiosyncratic configuration syntax.

By and large, you'd be better off with a firewall, but hosts.allow will
certainly work if you want to do that.

Lowell Gilbert, embedded/networking software engineer, Boston area

More information about the freebsd-questions mailing list