Securing SSH access

Corey Edwards tensai at zmonkey.org
Tue Apr 22 13:10:47 MDT 2008


On Tue, 2008-04-22 at 12:21 -0600, Kimball Larsen wrote:
> I could pretty easily write a script to modify the contents of the  
> host.allow, but the syntax for the hosts.allow file is such that it  
> would be easier to re-write the file each time, rather than being able  
> to just update the permitted IP address.  I'd prefer not to have to do  
> this.
> 
> So, what do you use for your whitelist?

I wrote an iptables-based auto blacklisting daemon that I use. It works
quite well and has reasonable precautions to prevent you from locking
yourself out. It hasn't been updated in a while, but then again it also
hasn't broken in a while either.

        http://www.zmonkey.org/~tensai/ssh-lockout/

Corey





More information about the PLUG mailing list