  1. #1

    hosts.allow vs hosts.deny

    I have SSH connections allowed only for specific IPs at the router, i.e. all requests for port 22 are blocked except that 2 custom services on the router allow SSH from my home and a software vendor's office. Both addresses are in hosts.allow for sshd. If one of these addresses were in hosts.deny, which file would control access?

  2. #2
    Lazydog
    I believe allow is read before deny. You should be able to google this.
    I prefer to use iptables for this.



  3. #3
    Kloschüssel
    I generally dislike those setups. If - by any chance - IP addresses change (new ISP?) and somebody forgets to update the configuration (or notices the change later or is informed by the ISP too late or simply forgets that specific host) you have successfully firewalled yourself out of your administrator domain.

    There is at least one smarter way to secure ssh against brute-force attacks that I know about: fail2ban

    It will monitor the ssh logfiles for failed login attempts and after hitting a threshold (i.e. 3 times) it will firewall the source for 15 minutes.

    Of course that helps only if you use one superstrong credential that can't be guessed and multiple ssh keys (my favorite) for employees that shouldn't know the superstrong master credential (and of course are not allowed to change it).

