On Thu, May 21, 2015 at 1:05 AM, Michael Stone <mstone@xxxxxxxxx> wrote:
> On Wed, May 20, 2015 at 03:58:22PM +0200, Stephan von Krawczynski wrote:
>
>> Show me this as an example of your firewall skills and replace this
>> hosts.allow entry:
>>
>> sshd: .... : spawn (echo -e "%u@%h[%a] on `/bin/date`" to %d connected me |
>> /bin/mail -s "hosts.allow entry XYZ" root) & : ALLOW
>>
>>
>> This is only an example code, of course.
>
> It's an example of something really horrible. It might have seemed like a
> good idea in the 90s, but in a modern system that sort of alerting should
> be integrated into log monitoring (and should be much more comprehensive
> than a couple of services linked against wrappers).

Note that you can still do that by starting sshd under tcpd+inetd, something like:

ssh stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sshd -i

or the equivalent in your inetd-alike. For SSHv2 connections it should be about the same speed (it'll be slower for Protocol 1 connections because each connection will need to generate a new ephemeral host key, but that's probably a plus from a security standpoint).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
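The log-monitoring alternative Michael Stone refers to, as an added example that is not part of this thread or of OpenSSH: a small Python script that produces the same "user[addr] on date" style alert as the hosts.allow spawn rule, but from sshd's own syslog lines, and also counts failed attempts per source address, which a wrapper rule cannot see. The sample log lines are constructed; their layout follows sshd's usual "Accepted <method> for <user> from <addr> port <port>" message, which is an assumption about the local syslog format.

```python
import re
from collections import Counter

# Constructed sample sshd syslog lines (not taken from any real host).
SAMPLE_LOG = """\
May 21 01:05:11 host sshd[2214]: Accepted publickey for alice from 192.0.2.10 port 50112 ssh2: RSA SHA256:abc
May 21 01:05:12 host sshd[2215]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2
May 21 01:05:13 host sshd[2216]: Accepted password for bob from 203.0.113.5 port 51000 ssh2
May 21 01:05:14 host sshd[2217]: Connection closed by 198.51.100.7 port 40001 [preauth]
"""

# Successful authentication: sshd logs the method, user and peer address,
# which is more than the %u/%a substitutions of a tcp_wrappers rule offer.
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(?P<pid>\d+)\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<addr>\S+) port (?P<port>\d+)"
)

# Failed authentication; "invalid user" marks names that do not exist locally.
FAILED_RE = re.compile(
    r"Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<addr>\S+) port \d+"
)

def parse_accepted(line):
    """Return the fields of a successful-login line, or None for any other line."""
    m = ACCEPTED_RE.match(line)
    return m.groupdict() if m else None

def alerts_from_log(text):
    """One alert string per successful login, mirroring the hosts.allow
    '%u@%h[%a] on <date>' message (hostname omitted: sshd logs the address)."""
    alerts = []
    for line in text.splitlines():
        ev = parse_accepted(line)
        if ev:
            alerts.append(
                f"{ev['user']}[{ev['addr']}] via {ev['method']} on {ev['ts']} "
                f"(pid {ev['pid']}) connected to sshd"
            )
    return alerts

def failed_by_addr(text):
    """Count failed authentication attempts per source address."""
    counts = Counter()
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("addr")] += 1
    return dict(counts)

if __name__ == "__main__":
    for a in alerts_from_log(SAMPLE_LOG):
        print(a)
    print("failed attempts:", failed_by_addr(SAMPLE_LOG))
```

In a real deployment the same two functions would run over the live auth log (or a journal export) and hand their results to whatever the site uses for alerting instead of `/bin/mail`.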