How should I do secure the ssh server on a Mac (running Snow Leopard)?
I tried using denyhosts (also mentioned in the article), but OSX 10.6 is ignoring /etc/hosts.deny, and it doesn't come with iptables. I do not want to disable passwords (i.e. use key-only authentication), since I tend to ssh to my home machine from various computers. And I can't change the port number due to firewall issues at my office.
OSX comes with ipfw (at /sbin/ipfw) which is an older tool much like iptables (on Linux) or pf (which I believe is more common than ipfw on BSD systems now). Since these tools are kernel-based and OSX's kernel is BSD-based rather than the Linux kernel, it makes sense that you find a BSD firewall tool rather than iptables.
I tried using denyhosts (also mentioned in the article), but OSX 10.6 is ignoring /etc/hosts.deny, and it doesn't come with iptables. I do not want to disable passwords (i.e. use key-only authentication), since I tend to ssh to my home machine from various computers. And I can't change the port number due to firewall issues at my office.
Any other ideas?