TCP Wrap SSH?

tony1234

Kind of a newbie in training here, learning fast, however.

On my server, ssh is not controlled by xinetd it appears, only a few others like imap.

I have CentOS 4.1, DirectAdmin, and have installed APF and BFD, and they seem to be working pretty well.

I see comments around about TCP wrapping ssh, so hosts.deny and hosts.allow can be used.

Have any of you TCP wrapped ssh? Should I, considering my config so far? Or should I not, and use IPTABLES to ban some IPs if I need to instead of worrying about how to TCP wrap ssh?

Thanks in advance for your input.
 
Depending on your OS distribution, TCP wrappers may already be compiled into SSH. On our RHL and RHEL servers we've been able to use hosts.allow and hosts.deny for sshd.

Jeff
 
Interesting, thanks. Does your ssh show up in the xinetd section for a chkconfig listing? Mine does not. Could it still show up there (in the first non-xinetd section) if compiled with TCP already as you say? Also, is there any easy way to know if it was already compiled that way?

Thanks for the insight, Jeff. I appreciate it.
 
On our DA systems (dedicated servers, running RHL and RHEL) sshd runs as a daemon and is not called by xinetd.

You can always test to see if hosts.allow and hosts.deny work for you. That should tell you if TCP Wrapper support is included or not :)

Jeff
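
The question above about how to tell whether sshd was built with TCP Wrapper support can also be answered by inspecting the binary. This is an added example, not part of any post in the thread: it checks whether an sshd binary is dynamically linked against libwrap. The function names, the default path `/usr/sbin/sshd`, the address `192.0.2.10` and the sample `ldd` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: detect TCP Wrapper (libwrap) linkage in an sshd binary.

# Constructed sample `ldd` output, used only to exercise the parser offline.
SAMPLE_WITH='  libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00a1b000)
  libc.so.6 => /lib/tls/libc.so.6 (0x00b2c000)'
SAMPLE_WITHOUT='  libcrypto.so.4 => /lib/libcrypto.so.4 (0x00c3d000)
  libc.so.6 => /lib/tls/libc.so.6 (0x00b2c000)'

# links_libwrap: reads `ldd` output on stdin; exit status 0 if libwrap is listed.
links_libwrap() {
    grep -q 'libwrap\.so'
}

# sshd_wrap_status BINARY: prints "yes", "no" or "unknown".
# "unknown" covers a missing binary, a missing ldd, and a statically linked
# binary, where ldd cannot show whether libwrap was compiled in.
sshd_wrap_status() {
    bin=$1
    [ -x "$bin" ] || { echo unknown; return 0; }
    command -v ldd >/dev/null 2>&1 || { echo unknown; return 0; }
    out=$(ldd "$bin" 2>/dev/null) || { echo unknown; return 0; }
    if printf '%s\n' "$out" | links_libwrap; then
        echo yes
    else
        echo no
    fi
}

# If the result is "yes", a behavioural test in the spirit of the reply above
# (keep your current SSH session open so a mistake does not lock you out):
#   /etc/hosts.allow:   sshd: 192.0.2.10     <- your own address (placeholder)
#   /etc/hosts.deny:    sshd: ALL
# Then confirm a connection from any other address is refused.

sshd_wrap_status "${1:-/usr/sbin/sshd}"
```

Upstream OpenSSH removed libwrap support in release 6.7, so on such builds the result is `no` unless the distribution patches it back in, and a firewall rule is the remaining option.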
 