Date: Mon, 11 Jan 2010 11:15:56 -0500 From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> To: Anton Shterenlikht <mexas@bristol.ac.uk> Cc: freebsd-questions@freebsd.org Subject: Re: denying spam hosts ssh access - good idea? Message-ID: <44ocl0zkg3.fsf@be-well.ilk.org> In-Reply-To: <20100111145346.GK61025@mech-cluster241.men.bris.ac.uk> (Anton Shterenlikht's message of "Mon, 11 Jan 2010 14:53:46 %2B0000") References: <20100111140105.GI61025@mech-cluster241.men.bris.ac.uk> <201001111408.43361.david@vizion2000.net> <ade45ae91001110618w76abd4cdrf95470712aabefac@mail.gmail.com> <20100111145346.GK61025@mech-cluster241.men.bris.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Anton Shterenlikht <mexas@bristol.ac.uk> writes: > I'm very grateful for all advice, but I'm still unsure > why denying ssh access to a particular host via /etc/hosts.allow > is a bad idea. As far as I recall, the reason the warning was added to the manual was that it's fairly heavy on resources to implement that way (especially back before the wrapper support was added to sshd; running it out of inetd added quite a bit of lag). It is also liable to problems from the idiosyncratic configuration syntax. By and large, you'd be better off with a firewall, but hosts.allow will certainly work if you want to do that. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44ocl0zkg3.fsf>