On 2/21/20 11:49 AM, Ed Maste wrote:
> It seems starting sshd from inetd via tcpd is a reasonable approach
> for folks who want to use it; also, have folks using libwrap looked at
> sshd's Match blocks to see if they provide the desired functionality?
While match blocks can disallow a login from anything other than an
approved source address, they apparently permit the configured number of
failed attempts before throwing the prospective intruder out. With the
wrappers, it's an immediate disconnect.
They also have no mechanism to recognize a DNS mismatch (forward versus
reverse map).
imb
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
