On 23.06.21 20:12, Saint Michael wrote:
> I use a non-standard port and they apparently broke a server in an
> external datacenter, analyzed history, used the same ssh command with
> ad-hoc port number. The box was connected passwordlessly to all my important
> boxes and Zas!, Bitcoin miners all over the company.

Well, if you got hacked through some legitimately *trusted* external
machine that is *required* to be able to do unattended logins, I don't
quite see how TCP Wrappers could have prevented that ...

(In the meantime, I remembered that there's a "traditional" way to put
some service under TCP Wrappers, as long as it can run under an inetd;
CentOS 7's repos offer a package tcp_wrappers that contains the required
/usr/sbin/tcpd. But I suppose that OpenSSH sshd doesn't have inetd mode
support, either, even if someone were willing to sacrifice the built-in
rate limiting etc. in favor of TCP Wrappers ... ?)

Regards,
--
Jochen Bern
Systemingenieur

Binect GmbH
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev