Can a very large /etc/hosts.deny slow down SSH connections?

git ssh unix

Solution 1:

Yes.

But it shouldn't be much of a slowdown unless you have names instead of IPs in there, have the PARANOID option set, or ident turned on (by asking for username info). And it will only slow down the initial connection, not affect anything once the connection is established and passing data.

You could try time tcpdmatch sshd 1.2.3.4 and time tcpdmatch sshd foo.example.com with the last item set to the hostname or IP of the system you're initiating connections from. That should reproduce most of the timing issues of sshd processing the /etc/hosts.deny file and show you how long it's taking.

Related

How to restrict mailman list subscriptions to certain domains?
node.js, mongodb, redis, on ubuntu performance degradation in production, RAM is free, CPU 100%
Nginx local fallback error page if proxy destination is unavailable
Is crossover cable still needed? [closed]
Security concerns with glusterfs?
What is the minimum amount of servers for a production mongoDB cluster?
Why doesn't my linux hyper-v guest display its ipaddress in hyper-v manager
Nginx hangs using "service nginx start"
HAProxy: multiple frontends, same bind
Disable Daylight Saving Time (DST) Changes in Linux
SSL Server name mismatch how to bypass ie11
How do I make sphinx restart when I reboot my Ubuntu server?