tcp_wrappers ACL for your SSH server


Among the many protections you can use to restrict connections to your server, tcp_wrappers turns out to be pretty useful.

Edit /etc/hosts.sshd

Put into this file all the IPs, hostnames (avoid these as much as possible) or ranges allowed to SSH into the machine.

E.g.: 192.168.1.1 10.0.0. 66.77. *.somedomain.be

Edit /etc/hosts.allow

Add this line at the beginning: sshd: /etc/hosts.sshd

Add this line at the end: ALL : ALL : spawn (/usr/sbin/safe_finger -l @%h | /bin/mail -s "Port Denial - daemon %d hostname %h IP %a" root; /bin/echo %a >> /var/log/port.denial.log) & : DENY

Edit /etc/hosts.deny

sshd: ALL
ALL : /var/log/port.denial.log

On any SSH attempt from an unauthorized person, the IP will be logged into /var/log/port.denial.log, which means a lifetime ban unless you remove it from the log file.

You'll also get a warning email about the failed attempt.
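
Before putting these files in place, it is worth confirming that your own address is still covered by /etc/hosts.sshd. The script below is an added example, not part of the original post: it re-implements, for IPv4 and only for the pattern forms shown above, how such a list is matched. The function names and the sample client addresses are made up for illustration.

```shell
#!/bin/sh
# Added example, not the author's code. IPv4 only; hostnames must be lowercase.

# match_pattern PATTERN ADDRESS [HOSTNAME] -> exit status 0 on match
match_pattern() {
    pat=$1 addr=$2 host=${3:-}
    case $pat in
        *[!0-9.]*)
            # Non-numeric pattern: matched against the client's reverse-DNS
            # name, so the decision rests on DNS rather than on the address.
            [ -n "$host" ] || return 1
            case $pat in
                .*) case $host in *"$pat") return 0 ;; esac ;;  # ".dom.tld" suffix
                *)  case $host in $pat) return 0 ;; esac ;;     # exact or "*" glob
            esac
            return 1 ;;
        *.) case $addr in "$pat"*) return 0 ;; esac
            return 1 ;;                                         # "10.0.0." prefix
        *)  [ "$pat" = "$addr" ] ;;                             # exact address
    esac
}

# is_allowed FILE ADDRESS [HOSTNAME] -> exit status 0 if any pattern matches
is_allowed() {
    set -f    # keep the shell from expanding "*" in patterns as a file glob
    for p in $(cat "$1"); do
        if match_pattern "$p" "$2" "${3:-}"; then set +f; return 0; fi
    done
    set +f
    return 1
}

# Constructed sample: the pattern list from the example in this post.
ACL=$(mktemp)
trap 'rm -f "$ACL"' EXIT
printf '%s\n' '192.168.1.1 10.0.0.' '66.77. *.somedomain.be' > "$ACL"

check() {    # print the verdict for one client: ADDRESS [HOSTNAME]
    if is_allowed "$ACL" "$1" "${2:-}"; then v=allow; else v=deny; fi
    echo "$v $1 ${2:-}"
}
check 192.168.1.1
check 10.0.0.57
check 10.0.1.57                      # outside "10.0.0."
check 66.77.200.3
check 203.0.113.9 gw.somedomain.be   # allowed only because of its PTR name
check 203.0.113.9                    # same address, no name: denied
```

Pointing `is_allowed` at a copy of /var/log/port.denial.log shows whether an address is currently banned, since hosts.deny reads that file as a pattern list. On the server itself, `tcpdmatch sshd <address>` from the tcp_wrappers package evaluates the real hosts.allow and hosts.deny.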



