dan at dandrake.org wrote:
> My solution to that problem was to use iptables and a port knocking
> daemon. If you're not coming from the U of M, iptables drops all
> port 22 packets, unless you knock first.

That would work great, but not for shell servers with faculty and students as a user base. Great for servers where ssh is only used for administration, though! ;-)

It looks like ipt_recent can be used to implement this functionality:

http://www.debian-administration.org/articles/268

Sweet. ;-) I may put that on our backup server.

-- 
Chad Walstrom <chewie at wookimus.net> http://www.wookimus.net/
assert(expired(knowledge)); /* core dump */
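
The setup discussed in this thread (drop port 22 unless the source is a trusted network or has knocked first), sketched with the iptables `recent` match that the ipt_recent module provides. This is an added example, not taken from either poster's message or from the linked article; the trusted network (a documentation range), the knock port, the 30-second window and the list name KNOCK are all assumed placeholder values.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for a single-packet knock
# in front of sshd. All addresses, ports and names are assumed placeholders.
# Review the output, then load it as root:  knock_rules | iptables-restore

knock_rules() {
    trusted_net=${1:-192.0.2.0/24}   # stands in for the campus network
    knock_port=${2:-7000}            # hypothetical knock port
    window=${3:-30}                  # seconds a knock stays valid

    # Refuse a non-numeric knock port, or one that collides with sshd.
    case $knock_port in
        ''|*[!0-9]*|22) echo "invalid knock port: $knock_port" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Sessions that are already open keep working after the window closes.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Trusted network reaches sshd without knocking.
-A INPUT -p tcp --dport 22 -s $trusted_net -j ACCEPT
# Anyone else needs a knock from the same source address within the window.
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --name KNOCK --rcheck --seconds $window -j ACCEPT
-A INPUT -p tcp --dport 22 -j DROP
# The knock: record the source address, then drop so the port looks closed.
-A INPUT -p tcp --dport $knock_port -m recent --name KNOCK --set -j DROP
COMMIT
EOF
}
```

A single knock port is also hit by any sequential port scan, so this reduces log noise from brute-force attempts but does not replace key-based ssh authentication.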