Securing SSHD using TCP Wrappers

1. Make sure that sshd is built with libwrap support. To verify, run:

[root@lappy ~]# ldd /sbin/sshd | grep wrap
libwrap.so.0 => /lib64/libwrap.so.0 (0x00007efef78e8000)

2. TCP Wrappers is managed through two config files: /etc/hosts.allow and /etc/hosts.deny.

3. Let's say we want to deny access from the bytewise.com.my domain but allow manager.bytewise.com.my. Add the following line to /etc/hosts.deny:

sshd: .bytewise.com.my EXCEPT manager.bytewise.com.my

4. You don't need to restart or reload sshd; the config takes effect as soon as you save the hosts.deny file. To test, ssh from any machine in the bytewise.com.my domain: it will be blocked, except from the hostname manager.bytewise.com.my.
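
The following script is an added example, not code from the original post and not libwrap itself. It models how the rule from step 3 is evaluated: hosts.allow is checked first, then hosts.deny, and access is granted when nothing matches. The function names and the temporary sample files are constructed for the example, and only ALL, exact names, leading-dot domain suffixes and a single EXCEPT are modelled.

```shell
# Added example: simplified model of hosts_access(5) matching (assumption: only
# ALL, exact names, leading-dot suffixes and one EXCEPT; hypothetical helper names).
lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

match_one() (            # match_one NAME PATTERN (case-insensitive)
  name=$(lc "$1"); pat=$(lc "$2")
  case $pat in
    all) exit 0 ;;
    .*)  case $name in *"$pat") exit 0 ;; esac ;;   # suffix match, dot included
  esac
  [ "$name" = "$pat" ]
)

match_list() (           # match_list NAME "pat1, pat2 ..."
  set -f                 # patterns must not glob against the filesystem
  for p in $(printf '%s' "$2" | tr ',' ' '); do
    match_one "$1" "$p" && exit 0
  done
  exit 1
)

match_clients() (        # match_clients HOST "list_1 EXCEPT list_2"
  incl=${2%% EXCEPT *}; excl=
  case $2 in *" EXCEPT "*) excl=${2#* EXCEPT } ;; esac
  match_list "$1" "$incl" && ! match_list "$1" "$excl"
)

file_matches() (         # file_matches FILE DAEMON HOST
  [ -f "$1" ] || exit 1
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in ''|'#'*) continue ;; esac
    rest=${line#*:}
    match_list "$2" "${line%%:*}" && match_clients "$3" "${rest%%:*}" && exit 0
  done < "$1"
  exit 1
)

decide() {               # decide DIR DAEMON HOST -> prints allow|deny
  if file_matches "$1/hosts.allow" "$2" "$3"; then echo allow
  elif file_matches "$1/hosts.deny" "$2" "$3"; then echo deny
  else echo allow; fi    # no rule matched: access is granted
}

demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT   # constructed sample files
: > "$demo/hosts.allow"
echo 'sshd: .bytewise.com.my EXCEPT manager.bytewise.com.my' > "$demo/hosts.deny"
for h in pc1.bytewise.com.my manager.bytewise.com.my host.example.org; do
  printf '%-26s %s\n' "$h" "$(decide "$demo" sshd "$h")"
done
```

On a real system, `tcpdmatch sshd pc1.bytewise.com.my` from the tcp_wrappers package reports the decision from the live files. Hostname patterns there are matched against the name obtained by resolving the client's address, so the rule is only as reliable as that lookup.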

Enjoy!
