Results 1 to 3 of 3
Thread: hosts.allow vs hosts.deny
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Feb 2012
hosts.allow vs hosts.deny
I believe allow is read before deny. You should be able to google this.
I prefer to use iptables for this.
The adventure of a life time.
Linux User #296285
I generally dislike those setups. If - by any chance - ip addresses change (new ISP?) and somebody forgets to update the configuration (or notices the change later or is informed by the ISP too late or simply forgets that specific host) you have successfully firewalled yourself out of your administrator domain.
There is at least one smarter way to secure ssh against bruteforce attacks that I know about: fail2ban
It will monitor the ssh logfiles for failed login attempts and after hitting a treshold (i.e. 3 times) it will firewall the source for 15 minutes.
Of course that helps only if you use one superstrong credential that can't be guessed and multiple ssh keys (my favorite) for employees that shouldn't know the superstrong master credential (and of course are not allowed to change it ).