"Knute Johnson" <knute@xxxxxxxxxxx> writes:
> I found an idea that uses the recent module of iptables. Was easy to
> write and works really well. The first connection gets through but
> fails because of the public/private key setup and the second
> connection is dropped.

That sounds like it's much better than what I'm doing. My first homebrew hack started out using 'tail -f', which wasted a little time every second. It's not much CPU, but it is embarrassingly hack-ish. (The second version used a Perl module that did a variable-length poll on the log file. In theory that lowered the CPU usage a bit, but it was still that same embarrassing hack.)

I'm glad to see someone did a proper interface to iptables.

> Wolf: Thanks again for the instructions on the p/p key setup.

It was my pleasure! When I first tried to configure sshd I was fairly worried that I was misunderstanding something and feared that I had opened my system for wide-scale intrusions. Sshd has way too many switches, and using some of them pretty much negates any security ssh might have offered.

-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
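
The throttle described in the quoted text, modelled as an added example that is not part of the original thread and is not either poster's rule set. It replays constructed connection times through a small Python model of a two-rule `recent` setup to show which attempts pass. The 60-second window, the hit count of 2, the list name `SSH` and the sample addresses are assumptions.

```python
# Model of a two-rule iptables "recent" throttle for NEW SSH connections.
# Rules being modelled (window, hit count and list name are assumed values):
#   iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
#            -m recent --name SSH --set
#   iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
#            -m recent --name SSH --update --seconds 60 --hitcount 2 -j DROP

WINDOW = 60    # --seconds (assumed)
HITCOUNT = 2   # --hitcount (assumed)


class RecentList:
    """Per-source timestamps, standing in for one named 'recent' list."""

    def __init__(self, window=WINDOW, hitcount=HITCOUNT):
        self.window = window
        self.hitcount = hitcount
        self.seen = {}  # source address -> list of timestamps in seconds

    def new_connection(self, src, now):
        """Return 'ACCEPT' or 'DROP' for a NEW packet from src at time now."""
        stamps = self.seen.setdefault(src, [])
        # Rule 1 (--set): stamp every attempt, including ones dropped below.
        stamps.append(now)
        # Rule 2 (--update): match when enough stamps fall inside the window.
        hits = sum(1 for t in stamps if now - t <= self.window)
        return "DROP" if hits >= self.hitcount else "ACCEPT"


# Constructed sample traffic: (time in seconds, source address).
EVENTS = [
    (0, "203.0.113.9"),     # scanner, first attempt
    (5, "203.0.113.9"),     # immediate retry
    (10, "198.51.100.7"),   # legitimate user logs in once
    (40, "203.0.113.9"),
    (90, "203.0.113.9"),    # retries every 50 s never leave the window
    (140, "203.0.113.9"),
    (200, "198.51.100.7"),  # user returns after the window has expired
]


def replay(events, window=WINDOW, hitcount=HITCOUNT):
    """Run events through a fresh list; return [(time, src, verdict), ...]."""
    recent = RecentList(window, hitcount)
    return [(t, src, recent.new_connection(src, t)) for t, src in events]


if __name__ == "__main__":
    for t, src, verdict in replay(EVENTS):
        print(f"t={t:>3}s  {src:<13} {verdict}")
```

Because dropped attempts are still stamped, a source that keeps retrying inside the window stays blocked, and a legitimate user who reconnects within the window is dropped as well.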