tcpd is an access control facility for internet services. The tcpd program can be set up to monitor incoming requests for telnet, finger, ftp, exec, rsh, rlogin, tftp, sshd and other services that have a one-to-one mapping onto executable files. Your sshd server must be configured (compiled) with support for tcpd.
You can check for tcpd (tcpwrapper) support easily with the following command:
# strings $(which sshd)| grep libwrap
libwrap.so.0 libwrap refuse returns
If the output mentions libwrap (as above), then you can use tcpd as follows. Open the file /etc/hosts.deny in a text editor. This file lists the hosts/IPs that are not allowed to access the system. In this case you will block sshd (port 22). Let us say you would like to deny access to the IPs 202.54.1.20, 64.66.44.22 and 64.66.44.25.
# vi /etc/hosts.deny
Add/append the following line to the file:
sshd: 202.54.1.20 64.66.44.22 64.66.44.25
Save and exit to the shell prompt. Next, make sure your rules are correct with the following command:
# tcpdchk -v
Output:
Using network configuration file: /etc/inetd.conf
>>> Rule /etc/hosts.deny line 20:
daemons: sshd
clients: 202.54.1.20 64.66.44.22 64.66.44.25
access: denied
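The order in which tcpd consults these files, as an added example that is not part of the original article: a simplified Python model of the hosts_access(5) rules, limited to exact IPv4 addresses, ALL, trailing-dot address prefixes and one EXCEPT clause. The function names, the allow-file entry and the address 192.0.2.10 are constructed for illustration.

```python
# Added example: simplified model of hosts_access(5) rule evaluation (not libwrap).
# Modelled client patterns: exact IPv4 address, ALL, address prefix ending in "."
# and one EXCEPT clause. Hostnames, netmasks and rule options are not modelled.

def parse_rules(text):
    """Parse hosts.allow/hosts.deny text into (daemons, include, exclude) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        tokens = clients.replace(",", " ").split()
        cut = tokens.index("EXCEPT") if "EXCEPT" in tokens else len(tokens)
        rules.append((daemons.replace(",", " ").split(), tokens[:cut], tokens[cut + 1:]))
    return rules

def _match(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # e.g. "64.66.44." matches 64.66.44.x
        return value.startswith(pattern)
    return pattern == value

def rule_matches(rule, daemon, client):
    daemons, include, exclude = rule
    return (any(_match(d, daemon) for d in daemons)
            and any(_match(p, client) for p in include)
            and not any(_match(p, client) for p in exclude))

def access(daemon, client, allow_text, deny_text):
    """hosts.allow is checked first, then hosts.deny; no match means granted."""
    if any(rule_matches(r, daemon, client) for r in parse_rules(allow_text)):
        return "granted"
    if any(rule_matches(r, daemon, client) for r in parse_rules(deny_text)):
        return "denied"
    return "granted"

HOSTS_DENY = "sshd: 202.54.1.20 64.66.44.22 64.66.44.25\n"  # rule from the article
HOSTS_ALLOW = "sshd: 64.66.44.\n"  # constructed allow entry, shows precedence

if __name__ == "__main__":
    for ip in ("202.54.1.20", "64.66.44.22", "192.0.2.10"):  # last IP is constructed
        print(ip, "deny only:", access("sshd", ip, "", HOSTS_DENY),
              "| with allow:", access("sshd", ip, HOSTS_ALLOW, HOSTS_DENY))
```

A matching entry in /etc/hosts.allow overrides any hosts.deny line for the same client, so review both files when a deny rule appears to have no effect.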
{ 2 comments… read them below or add one }
I would prefer something like
ldd $(which sshd) | grep wrap
because it's very unlikely to false-positive. Anyway, thanks for that information, it helped me a lot.
Using network configuration file: /etc/inetd.conf
>>> Rule /etc/hosts.allow line 1:
daemons: sendmail
clients: all
access: granted
>>> Rule /etc/hosts.deny line 21:
daemons: sshd
clients: ALL EXCEPT 62.231.69.62
access: denied
>>> Rule /etc/hosts.deny line 22:
daemons: sshd
clients: 85.25.86.50
access: denied
>>> Rule /etc/hosts.deny line 23:
daemons: sshd
clients: 69.163.149.200
access: denied
I have this... but it doesn't work :| What to do?