Securing SSH access
Corey Edwards
tensai at zmonkey.org
Tue Apr 22 13:10:47 MDT 2008
On Tue, 2008-04-22 at 12:21 -0600, Kimball Larsen wrote:
> I could pretty easily write a script to modify the contents of the
> hosts.allow, but the syntax for the hosts.allow file is such that it
> would be easier to re-write the file each time, rather than being able
> to just update the permitted IP address. I'd prefer not to have to do
> this.
>
> So, what do you use for your whitelist?

I wrote an iptables-based auto blacklisting daemon that I use. It works
quite well and has reasonable precautions to prevent you from locking
yourself out. It hasn't been updated in a while, but then again it also
hasn't broken in a while either.

http://www.zmonkey.org/~tensai/ssh-lockout/

Corey