[TriLUG] tcpwrappers rules from a database server?

Clay Stuckey claystuckey at gmail.com
Wed Nov 11 10:24:01 EST 2009

I have never heard of that. I would consider that pretty dangerous. If
you need to allow roaming users ssh access, you might consider disabling
password authentication via sshd and have the users authenticate via
keys. Then you can open up ssh to the world and not really worry about
brute force attacks.

Also, you might want to consider using iptables instead or in addition
to wrappers. With iptables, you block the packets much lower in the

On Wed, 2009-11-11 at 09:56 -0500, Brian Henning wrote:
> Hi Gang,
> I did some cursory reading on tcp wrappers and didn't see an answer,
> so...
> Is there a way to get tcp wrappers to get its ACLs from a database (i.e.
> mysql) instead of the /etc/hosts.[allow|deny] files?
> In the past I've built a web page to allow a remote user to authenticate
> and thereby automatically open SSH to the remote user's IP address, and
> did it by writing a small app that would rewrite the hosts.allow file
> based on the content of a mysql table...and was wondering if there's a
> more direct approach.
> Thanks,
> ~Brian
> -----------------------------------------
> Brian A. Henning
> SupportLink Engineer
> "Serious about your success with our products"
> Phone : (+1) 888-332-6797
> E-mail: brian.henning at datadirect.com
> Web   : www.datadirect.com/support
> Contact SupportLink:
> http://knowledgebase.datadirect.com/kbcontact
> Find answers in our knowledgebase:
> http://knowledgebase.datadirect.com
> Download patches and manage support cases online:
> http://www.datadirect.com/support/troubleshooting/reportacase/index.ssp
> My Manager: bruce.rudd at datadirect.com (+1) 919-461-4276
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions

More information about the TriLUG mailing list