John Hinton <webmaster at ew3d.com> wrote:
> Restart services as needed. I'm not sure exactly which ones
> need to be restarted. I normally do sshd and networking,
> which does do the trick, but might be more than needed.

All SSH 2 implementations should take a SIGHUP. They are supposed to
not only re-read the configuration, but not lose any existing
connections. So try:

  # killall -1 sshd

> Be careful if this is a remote machine. If you get it wrong
> you may lock yourself out.

Which is why it can't hurt to try the new configuration on an
alternative port.

  # sshd -p 8022

Now note you _will_ need to change things like your TCP wrappers
(/etc/hosts.allow, hosts.deny) to match that port for testing. But it
will at least give you an idea if the TCP wrapper and configuration
changes are correct. If it works, kill the new sshd instance and change
the TCP wrapper config to the production port and try it.

> I find it much easier to set up allows, than to do denies.
> It would depend on the situation.

Are you talking the "AllowUsers" directive? Or TCP Wrappers? Their
logic/follow-through is greatly differing.

> There are also several packages available to block attempts
> after 'so many bad attempts', but if your situation is
> simple, it's easier to just do the above.

If you run Internet servers regularly, it's worth the time invested to
learn some basic intrusion prevention systems/solutions (IPS) like
PortSentry.

--
Bryan J. Smith                | Sent from Yahoo Mail
mailto:b.j.smith at ieee.org  | (please excuse any
http://thebs413.blogspot.com/ | missing headers)
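
The procedure described in this message, as an added shell example that is not part of the original post: check the candidate config, try it on an alternate port, then SIGHUP the production daemon. It assumes OpenSSH's sshd at /usr/sbin/sshd and a pid file at /var/run/sshd.pid (both overridable), and it signals the pid-file process rather than using killall; the function names are illustrative.

```shell
#!/bin/sh
# Added example: staged sshd configuration change.
# Assumptions: binary and pid-file paths below; override them via the environment.
SSHD_BIN=${SSHD_BIN:-/usr/sbin/sshd}
SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/sshd.pid}

# Step 1: sanity-check a candidate config. "sshd -t" exits non-zero on errors.
check_config() {          # arg: config file
    "$SSHD_BIN" -t -f "$1"
}

# Step 2: start a throwaway instance on an alternate port with its own pid
# file, so the production listener and its sessions are left untouched.
# A -p given on the command line overrides any Port lines in the config.
start_test_instance() {   # args: config port pidfile
    check_config "$1" || return 1
    "$SSHD_BIN" -f "$1" -p "$2" -o "PidFile=$3"
}

# Step 3: after a successful test login from a second terminal, stop it.
stop_test_instance() {    # arg: pidfile of the test instance
    [ -r "$1" ] || return 1
    kill "$(cat "$1")"
}

# Step 4: re-check the config, then SIGHUP the listening daemon only.
reload_production() {     # arg: config file
    check_config "$1" || { echo "config check failed; not reloading" >&2; return 1; }
    [ -r "$SSHD_PIDFILE" ] || { echo "no pid file at $SSHD_PIDFILE" >&2; return 2; }
    daemon_pid=$(cat "$SSHD_PIDFILE")
    kill -0 "$daemon_pid" 2>/dev/null || { echo "pid $daemon_pid not running" >&2; return 3; }
    kill -HUP "$daemon_pid"
}

# Typical sequence (run as root, keep your current session open throughout):
#   start_test_instance /etc/ssh/sshd_config 8022 /var/run/sshd-test.pid
#   ssh -p 8022 user@host        # from another terminal
#   stop_test_instance /var/run/sshd-test.pid
#   reload_production /etc/ssh/sshd_config
```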