stop these SSH hacker

Hi,

currently I add IP addresses to the file "hosts.deny" if they try to intrude via SSH.

because I don't wanna check the auth.log so often I would like to use the file "hosts.allow".

just to know if I'm right, if I add this values to the file:

sshd : 123.456.789.0 : allow
sshd : 789.456.123.0 : allow

this way it's only possible to access sshd via this two IP addresses?

Please don't advice to use a software firewall, I want to learn that technique

Thanks

I think that's correct. I am not sure if the syntax is right, but that's the purpose of the hosts.allow file.

just want to be sure that I don't block myself :)

(don't know if I have a serial connection)

Then you can have an insane solution.

Create a php script that will reset the file (but you will need sudo to make this work) :)

I think I should invite my admin to visit the forums :)

yes the "Linux" forum becomes very active ;)

how about to start the first SSH session, take the changes (adding some IP address I'm not on, f.e. at home) and than open a second session, would that work?

I don't know that ???

just use lfd or other brustforce blocking script...

You should always always always keep one session open while modifying your ssh.  You should be able to make your change and restart the sshd (you might have to search for what the exact command is...) but since SSHD actually spawns child sshd's, you can restart it while still logged in (that is if its configured to do that... which it usually is, if I remember right).  Then, try to make your second connection.  If that fails, roll back. :)