SSH/hosts.allow/DHCP
Edwin Dicker
fedora at dicker.nl
Sat Feb 11 22:38:10 UTC 2006
Ashley M. Kirchner wrote:
>
> I have SSH locked down (through hosts.deny/.allow) to only allow
> known IPs to connect. This was done to curb the rash of script kiddies
> banging on it with dictionary attacks. However, one of my users is on
> DHCP which means every so often I need to change his entry in my
> hosts.allow file. Bit of a pain when I'm not in town or near a machine
> to check e-mail. So the question is: is there some way to solve this
> problem?
>
I use daemonshield. It's a nice daemon which dynamically adds an iptables
rule to block incoming ssh bursts from a particular IP address.
After a while the rule will be automatically deleted.
http://sourceforge.net/projects/daemonshield/
Hth,
Edwin
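
The approach described in the reply above (block an address after a burst of SSH attempts, lift the block after a while), as an added example that is not part of the original post and is not daemonshield's own code. The syslog line format, the thresholds and the rendered iptables rules are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation-range IPs), not real data.
SAMPLE_LOG = """\
Feb 11 22:30:01 host sshd[101]: Failed password for root from 203.0.113.5 port 4001 ssh2
Feb 11 22:30:03 host sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Feb 11 22:30:05 host sshd[103]: Failed password for root from 203.0.113.5 port 4003 ssh2
Feb 11 22:30:06 host sshd[104]: Failed password for bob from 198.51.100.7 port 5001 ssh2
Feb 11 22:30:08 host sshd[105]: Failed password for root from 203.0.113.5 port 4004 ssh2
Feb 11 22:45:00 host sshd[106]: Failed password for bob from 198.51.100.7 port 5002 ssh2
"""

FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def plan_blocks(log_text, max_failures=4, window_s=60, block_s=600, year=2006):
    """Return [(ip, block_start, block_end)] for each failure burst (assumed thresholds)."""
    window, blocked_until, plan = timedelta(seconds=window_s), {}, []
    recent = defaultdict(deque)           # ip -> timestamps of recent failures
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if blocked_until.get(ip, ts) > ts:
            continue                      # still inside an active block
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:        # burst: schedule a temporary block
            end = ts + timedelta(seconds=block_s)
            blocked_until[ip] = end
            plan.append((ip, ts, end))
            q.clear()
    return plan

def iptables_commands(plan):
    """Render each block as a timed rule insert and its later delete."""
    for ip, start, end in plan:
        rule = f"INPUT -s {ip} -p tcp --dport 22 -j DROP"
        yield f"{start:%H:%M:%S} iptables -I {rule}"
        yield f"{end:%H:%M:%S} iptables -D {rule}"
```

Because blocks are keyed on observed failures rather than on a fixed address list, a legitimate user whose DHCP address changes is unaffected unless that address itself produces a burst.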