Feature #9165

only IPs can be added to sshguard whitelist

Added by Stefan Beckers over 1 year ago. Updated 2 months ago.

Status: New
Priority: Normal
Category: Authentication
Target version: -
Start date: 12/04/2018
Due date:
% Done: 0%
Estimated time:

Description

The new sshguard list feature (see #8864) only allows the addition of IP addresses. I do have the need to include DNS names, because some of the sources do change IP address over a short period of time.

sshguard itself does process DNS names in the white list by just adding them to the file.

History

#1 Updated by Jim Pingle 11 months ago

  • Category set to Authentication

#2 Updated by Viktor Gurov 2 months ago

Stefan Beckers wrote:

The new sshguard list feature (see #8864) only allows the addition of IP addresses. I do have the need to include DNS names, because some of the sources do change IP address over a short period of time.

https://web.archive.org/web/20180902011957/https://www.sshguard.net/docs/whitelist/:

When hosts resolve to multiple addresses, all of them are whitelisted. 
Hosts are resolved to addresses once, when sshguard starts up.

Thus, this does not help in cases where sources change the IP address for a short period of time.

#3 Updated by Stefan Beckers 2 months ago

Semi-correct for me, as a restart of sshguard or a reboot will fix the situation without deeper knowledge of the "issue". So in reality, it will "ease" fixing the issue, as uneducated staff are also able to default to the reboot method. And the more educated admin just has to restart sshguard without editing IP lists.

You are definitely right that this will not improve the situation for dynamic DNS on lines that change their IP on a daily basis, or so. In that respect, my text was misleading.
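The resolve-once behaviour quoted in #2 and the restart workaround from #3 can be checked with a small drift detector. This is an added example, not part of the thread and not pfSense or sshguard code; the file handling (one IP, CIDR block or host name per line, `#` comments), the sample entries and the injectable `resolver` parameter are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed sample whitelist: one IP, one CIDR block, two host names.
SAMPLE_WHITELIST = """\
# office
192.0.2.10
198.51.100.0/24
vpn.example.net
home.example.org
"""

def parse_whitelist(text):
    """Split entries into literal networks and host names (assumed format)."""
    networks, hostnames = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            hostnames.append(entry)  # not an address, so treat it as a host name
    return networks, hostnames

def resolve(hostname):
    """Current addresses of a host name via the system resolver."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def snapshot(hostnames, resolver=resolve):
    """Addresses as seen at daemon start; these stay fixed until a restart."""
    return {h: frozenset(resolver(h)) for h in hostnames}

def stale_hosts(startup, hostnames, resolver=resolve):
    """Host names that now have addresses missing from the startup snapshot."""
    stale = {}
    for h in hostnames:
        missing = set(resolver(h)) - startup.get(h, frozenset())
        if missing:
            stale[h] = sorted(missing)
    return stale
```

A non-empty result from `stale_hosts` means a whitelisted source is currently reachable from an address that was not known at startup, which is the situation a restart clears.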
