Securing SSHD using TCPwrapper

1. You need to make sure that sshd is supporting libwrap. To verify do this:

[root@lappy ~]# ldd /sbin/sshd | grep wrap => /lib64/ (0x00007efef78e8000)

2. Next is how to manage from tcpwrapper, basically it consists of two config files called /etc/hosts.allow and /etc/hosts.deny

3. Let say we want to deny access from domain but allow You may add in /etc/hosts.deny with following line:

sshd: EXCEPT

4. You dont need to restart/reload sshd, as this config will be kicked in when you save the host.deny file. You may test to ssh from any machine from domain and i will block except hostname



Popular Posts