In the case of ssh either way you're more comfortable with is fine. The general idea is just to whitelist allowed hosts/netblocks as opposed to playing whack-a-mole with blacklisting a la the fail2ban approach.

-Jill

On 2014-10-15 21:50, JD Austin wrote:
> From what I remember hosts.allow and hosts.deny only work with services
> that use TCP Wrappers.
> You can use the ldd command to determine if libwrap is compiled into a
> daemon:
> sudo ldd /usr/sbin/sshd | grep wrap
>
> For me ssh has libwrap compiled in so I could use either iptables or
> /etc/hosts.deny to block access.
>
> -- JD Austin
> Voice: 480.269.4335 (480 2MY Geek)
> jd@twingeckos.com
>
>
> On Wed, Oct 15, 2014 at 2:05 PM, wrote:
>
> > I use IPTables to protect ssh. Should I be using hosts.allow instead? How
> > does hosts.allow differ from using IPTables to deny all IPs to a specific
> > port except for the IPs you want to give access?
> >
> > Keith
> >
> > On 2014-10-15 15:52, jill wrote:
> >
> >> I would point out that fail2ban is a script that scours auth.log (as
> >> root) for failed authentications, parses out the source host field,
> >> then runs iptables (as root) to add rules for that host. Especially
> >> in light of things like shell shock, think what an attacker could do
> >> with a crafted packet that caused that log line to include malicious
> >> commands in the host field. You're better off properly hardening sshd
> >> itself.
> >>
> >> Whitelist in hosts.allow client IPs/domains you will be connecting
> >> from and block all others if at all possible.
> >> Set your sshd_config to:
> >> Never ever allow root login. Ever.
> >> Whitelist explicitly what users/groups can connect on ssh.
> >> Disable password-based auth and use keys, protect the heck out of your
> >> private key.
> >>
> >> -Jill
> >>
> >> On 2014-10-15 17:10, Stephen M wrote:
> >>
> >>> I am trying to learn about ssh and remoting into a computer from out of
> >>> my house. I have all the ability to do this but I want to make sure my
> >>> desktop is secured. I will basically be either using resources on my
> >>> desktop or backing up files to my laptop.
> >>>
> >>> From what I have read, denyhosts and fail2ban are the same, the only
> >>> difference is fail2ban requires more maintenance and has more options.
> >>> If I am just trying to turn my desktop into a file server what's the best
> >>> option here?
> >>>
> >>> --
> >>> Stephen Melheim
> >>> 602-400-7707
> >>> SMelheim85@gmail.com
> >>> ---------------------------------------------------
> >>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> >>> To subscribe, unsubscribe, or to change your mail settings:
> >>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
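The thread above lists three sshd_config hardening points (no root login, an explicit user/group whitelist, keys instead of passwords), recommends a hosts.allow whitelist, and gives the ldd check for libwrap. The script below is an added example, not code from any of the posters: it audits an sshd_config for those three points using sshd's first-match-wins rule, writes a TCP Wrappers allow-list for sshd, and wraps JD's ldd check in a function. The sample config files, the temp directory and the client addresses (192.168.1.0/24, 203.0.113.5) are constructed for the demonstration.

```shell
# Added example (not from the thread): audit an sshd_config against the three
# hardening points listed above and generate a TCP Wrappers allow-list.
# All paths, sample configs and addresses below are constructed for the demo.

# Print the value sshd would use for KEYWORD: first uncommented match wins
# (sshd_config semantics). Handles "Keyword value", not "Keyword=value".
sshd_effective() {  # $1=file $2=keyword
    awk -v k="$2" 'tolower($1)==tolower(k) {print tolower($2); exit}' "$1"
}

# Audit FILE. Prints each failed check; the return value is the number of
# failures, so 0 means all three points are satisfied.
audit_sshd_config() {
    f=$1; fails=0
    # 1. Never allow root login.
    if [ "$(sshd_effective "$f" PermitRootLogin)" != "no" ]; then
        echo "FAIL: PermitRootLogin is not 'no' in $f"; fails=$((fails + 1))
    fi
    # 2. Explicit whitelist: an AllowUsers or AllowGroups line with a value.
    if ! awk 'tolower($1)=="allowusers" || tolower($1)=="allowgroups" { if (NF > 1) found = 1 }
              END { exit !found }' "$f"; then
        echo "FAIL: no AllowUsers/AllowGroups whitelist in $f"; fails=$((fails + 1))
    fi
    # 3. Keys only: password authentication off.
    if [ "$(sshd_effective "$f" PasswordAuthentication)" != "no" ]; then
        echo "FAIL: PasswordAuthentication is not 'no' in $f"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Write hosts.allow and hosts.deny for sshd into DIR (DIR=/etc on a real host).
# Remaining arguments are the allowed client IPs or netblocks. hosts.allow is
# consulted first; without "sshd: ALL" in hosts.deny, every other client is
# still let in, so the deny line is what makes this a whitelist.
write_wrappers_allowlist() {
    dir=$1; shift
    {
        echo "# sshd: whitelist of clients allowed to connect"
        for client in "$@"; do echo "sshd: $client"; done
    } > "$dir/hosts.allow"
    echo "sshd: ALL" > "$dir/hosts.deny"
}

# JD's ldd check as a function: succeeds only if BINARY links libwrap, i.e.
# the wrapper files above actually apply to it. Example: has_libwrap /usr/sbin/sshd
has_libwrap() { ldd "$1" 2>/dev/null | grep -q libwrap; }

# Constructed sample configs for the demo (not real system files).
make_samples() {  # $1=dir
    cat > "$1/weak.conf" <<'EOF'
# typical stock config: root allowed, passwords allowed, no whitelist
PermitRootLogin yes
PasswordAuthentication yes
EOF
    cat > "$1/hardened.conf" <<'EOF'
PermitRootLogin no
AllowUsers keith stephen
PasswordAuthentication no
PubkeyAuthentication yes
EOF
}

demo() {
    d=$(mktemp -d)
    make_samples "$d"
    for f in "$d/weak.conf" "$d/hardened.conf"; do
        if audit_sshd_config "$f"; then echo "PASS: $f"; fi
    done
    write_wrappers_allowlist "$d" 192.168.1.0/24 203.0.113.5
    cat "$d/hosts.allow" "$d/hosts.deny"
    rm -rf "$d"
}
demo
```

Run the audit against the real file with `audit_sshd_config /etc/ssh/sshd_config` and restart sshd only after it passes and you have confirmed key-based login still works from an allowed client. Run `has_libwrap` before relying on hosts.allow at all: upstream OpenSSH removed tcp_wrappers support in 6.7 (released the same month as this thread), so on a build without libwrap the wrapper files do nothing and an iptables whitelist on the ssh port is the equivalent control.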