OK, I understand why you are filtering using hosts.allow, but as long as you keep sshd up to date with security patches, you probably don't need to do this. If you really want to limit ssh access, it would probably be a better idea to move to key-based authorization rather than limiting IP addresses via hosts.allow. At very least it would be less annoying. If I understand hosts.allow correctly, at some point the name would have to be translated to an IP address via a DNS, and if your dynamic IP is changing frequently it is going to be tough to keep an updated DNS entry anywhere. I suppose you could use a service like no-ip.com and update that every time you get a new IP, but even that is going to take a while to filter through the system so your server could get the proper IP address.
|