On 2/21/20 11:49 AM, Ed Maste wrote: > It seems starting sshd from inetd via tcpd is a reasonable approach > for folks who want to use it; also, have folks using libwrap looked at > sshd's Match blocks to see if they provide the desired functionality? While match blocks can disallow a login from anything other than an approved source address, they apparently permit the configured number of failed attempts before throwing the prospective intruder out. With the wrappers, it's an immediate disconnect. They also have no mechanism to recognize a DNS mismatch (forward versus reverse map). imbReceived on Sat Feb 22 2020 - 15:21:57 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:23 UTC