xz backdoor prevention and hosts.deny?

[Nick Sal <specialroumpa@proton.me>]

Hi,

With respect to debian testing, assume we filter SSH access only to a subnet using the files host.{deny,allow} (see below).
Would this prevent the attack if a malicious payload was not​ sent from the allowed subnet?
Asking to know if an attack was possible like this, for the few days in March the backdoor was undetected on debian testing.

/etc/hosts.deny: sshd: ALL
/etc/hosts.allow: sshd: "a_subnet"

Moreover, would it have helped if additionally allowing only public-key authentication for SSH?

Regards,
Nick