I did the command and it failed. So TCP wrapper is not being used. So I would need to compile that first. Also would it be a good idea to put /etc/hosts.deny to all so it would deny all users. And explicitly allow an IP address.

On Oct 15, 2014 2:50 PM, "JD Austin" wrote:
> From what I remember hosts.allow and hosts.deny only work with services
> that use TCP Wrappers.
> You can use the ldd command to determine if libwrap is compiled into a
> daemon:
> sudo ldd /usr/sbin/sshd| grep wrap
>
> For me ssh has libwrap compiled in so I could use either iptables or
> /etc/hosts.deny to block access.
>
> -- JD Austin
> Voice: 480.269.4335 (480 2MY Geek)
> jd@twingeckos.com
>
> On Wed, Oct 15, 2014 at 2:05 PM, wrote:
>
>> I use IPTable to protect ssh. Should I be using hosts.allow instead?
>> How does hosts.allow differ from using IPTables to deny all IP's to a
>> specific port except for the IP's you want to give access?
>>
>> Keith
>>
>> On 2014-10-15 15:52, jill wrote:
>>
>>> I would point out that fail2ban is a script that scours auth.log (as
>>> root) for failed authentications, parses out the source host field,
>>> then runs iptables (as root) to add rules for that host. Especially
>>> in light of things like shell shock, think what an attacker could do
>>> with a crafted packet that caused that log line to include malicious
>>> commands in the host field. You're better off properly hardening sshd
>>> itself.
>>>
>>> White list in hosts.allow client ips/domains you will be connecting
>>> from and block all others if at all possible.
>>> Set your sshd_config to:
>>> Never ever allow root login. Ever.
>>> Whitelist explicitly what users/groups can connect on ssh.
>>> Disable password-based auth and use keys, protect the heck out of your
>>> private key.
>>>
>>> -Jill
>>>
>>> On 2014-10-15 17:10, Stephen M wrote:
>>>
>>>> I am trying to learn about ssh and remoting into a computer from out of
>>>> my house. I have all the ability to do this but I want to make sure my
>>>> desktop is secured. I will basically be either using resources on my
>>>> desktop or backing up files to my laptop.
>>>>
>>>> From what I have read, denyhosts and fail2ban are the same, the only
>>>> difference is fail2ban requires more maintenance and has more options.
>>>> If I am just trying to turn my desktop into a file server what's the
>>>> best option here?
>>>>
>>>> --
>>>> Stephen Melheim
>>>> 602-400-7707
>>>> SMelheim85@gmail.com
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
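
The sshd_config settings in Jill's message and the ldd check in JD Austin's reply, as an added example that is not part of the original thread. The function names are hypothetical; the audit assumes whitespace-separated `keyword value` lines and reads only the global settings before the first Match block.

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config against the
# hardening list quoted above. sshd keeps the FIRST value it reads for a
# keyword and treats keywords case-insensitively, so the lookup does too.

# Print the first value of keyword $1 in file $2 (lower-cased), or nothing.
sshd_first_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }                  # commented-out lines do not count
        tolower($1) == "match" { exit }      # assumption: global section only
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit
        }' "$2"
}

# Print one FAIL line per finding; return 0 if clean, 1 otherwise.
# A missing keyword counts as a finding because the built-in default
# may be permissive (PasswordAuthentication defaults to yes).
audit_sshd_config() {
    cfg=$1; rc=0
    [ "$(sshd_first_value PermitRootLogin "$cfg")" = "no" ] ||
        { echo "FAIL PermitRootLogin is not 'no'"; rc=1; }
    [ "$(sshd_first_value PasswordAuthentication "$cfg")" = "no" ] ||
        { echo "FAIL PasswordAuthentication is not 'no'"; rc=1; }
    if [ -z "$(sshd_first_value AllowUsers "$cfg")" ] &&
       [ -z "$(sshd_first_value AllowGroups "$cfg")" ]; then
        echo "FAIL no AllowUsers/AllowGroups whitelist"; rc=1
    fi
    return $rc
}

# True if binary $1 links against libwrap (TCP Wrappers); only then do
# hosts.allow and hosts.deny have any effect on that daemon.
uses_libwrap() {
    ldd "$1" 2>/dev/null | grep -q libwrap
}
```

On a live host, `sshd -T` prints the effective configuration, which also reflects included files and compiled-in defaults that a plain file read cannot see.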