On Wed, Jan 12, 2005 at 09:31:56AM -1000, Dwight Victor wrote:
> If you know the IP addresses of the machines that you'll be
> SSHing from...it's best to compile your version of SSH to
> support tcp_wrappers and configure your /etc/hosts.allow and
> /etc/hosts.deny files to only allow SSH access from your known
> IP addresses.
I believe most packaged versions of OpenSSH come prebuilt with tcp-wrappers, so no recompilation is needed.

> This also helps cut down on those irritating automated SSH
> attacks.

When using the built-in tcp-wrapper support, the attack will still hit the sshd before the attack host is dropped, and potentially leave you open to an undocumented buffer overflow. Instead, if you limit host access at the firewall level, the attack will never reach the sshd.

Another alternative is to move your sshd to a different port. This will thwart the attacks that only look at tcp/22 for a running SSH server, but this relies on security through obscurity alone.

-Vince
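The hosts.allow / hosts.deny restriction discussed above is easy to get subtly wrong (the ALLOW file wins, the DENY file is consulted only if nothing in ALLOW matched, and an unmatched pair is permitted). The following is an added example, not code from either poster: a small Python re-implementation of the tcpd evaluation order from hosts_access(5), fed with constructed sample hosts.allow and hosts.deny contents, so a rule set can be checked offline before it is dropped into /etc. The sample addresses, the `allowed()` helper name and the CIDR shorthand are this example's own assumptions; stock tcpd 7.6 accepts only the dotted net/mask form, so do not rely on CIDR in a real file.

```python
"""Offline check of tcp_wrappers-style hosts.allow / hosts.deny rules.

Added example (not from the original thread). Evaluation order follows
hosts_access(5):
  1. Access is granted if a (daemon, client) pair matches hosts.allow.
  2. Otherwise access is denied if the pair matches hosts.deny.
  3. Otherwise access is granted (an empty or non-matching rule set is open).
Supported client patterns: ALL, an exact IPv4 address, a trailing-dot prefix
("192.168.1."), a net/mask pair ("10.0.0.0/255.0.0.0"), "list EXCEPT list",
and, as a convenience of this example only, CIDR ("10.0.0.0/8").
"""
import ipaddress

# Constructed sample files: admin LAN minus one host, plus a single jump host.
SAMPLE_ALLOW = """\
# constructed sample hosts.allow
sshd: 192.168.1. EXCEPT 192.168.1.250
sshd: 203.0.113.7
"""

SAMPLE_DENY = """\
# constructed sample hosts.deny: refuse everyone the allow file did not match
sshd: ALL
"""


def _parse(text):
    """Turn 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append(([d.strip() for d in daemons.split(",")], clients.strip()))
    return rules


def _match_one(pattern, ip):
    """Match a single client pattern against a dotted-quad IPv4 address."""
    pattern = pattern.strip()
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # prefix form: "192.168.1."
        return ip.startswith(pattern)
    addr = ipaddress.IPv4Address(ip)
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        if "." in mask:                # tcpd's native net/mask form
            return addr in ipaddress.IPv4Network((net, mask), strict=False)
        return addr in ipaddress.IPv4Network(pattern, strict=False)  # CIDR (assumption)
    return addr == ipaddress.IPv4Address(pattern)


def _match_clients(clients, ip):
    """'a b EXCEPT c d' matches the left list unless the right list matches.

    Splitting on the first EXCEPT makes 'a EXCEPT b EXCEPT c' read as
    a EXCEPT (b EXCEPT c), which is how tcpd groups it."""
    if " EXCEPT " in clients:
        left, right = clients.split(" EXCEPT ", 1)
        return _match_clients(left, ip) and not _match_clients(right, ip)
    return any(_match_one(p, ip) for p in clients.split())


def _matches(rules, daemon, ip):
    for daemons, clients in rules:
        if ("ALL" in daemons or daemon in daemons) and _match_clients(clients, ip):
            return True
    return False


def allowed(daemon, ip, allow_text=SAMPLE_ALLOW, deny_text=SAMPLE_DENY):
    """Apply the allow-then-deny-then-default-permit order to one connection."""
    if _matches(_parse(allow_text), daemon, ip):
        return True
    if _matches(_parse(deny_text), daemon, ip):
        return False
    return True


if __name__ == "__main__":
    for ip in ("192.168.1.10", "192.168.1.250", "203.0.113.7", "198.51.100.9"):
        print(ip, "allowed" if allowed("sshd", ip) else "denied")
```

Note that step 3 is why a hosts.allow entry without a matching `sshd: ALL` (or `ALL: ALL`) line in hosts.deny restricts nothing; and, as the reply above points out, even a correct pair only makes sshd drop the connection after accepting it, which a packet filter in front of the host avoids.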