[olug] wrapping sshd on Debian
nealr
neal at lists.rauhauser.net
Fri Jan 5 14:42:44 UTC 2007
Kenton Brede wrote:
> On 1/4/07, nealr <neal at lists.rauhauser.net> wrote:
>
>> I installed something a while back using Debian and I put in our usual
>> /etc/hosts.allow which only permits stuff we own. Tonight I was doing a
>> little security audit and I find that the box will talk to any ol'
>> address via ssh. What does one have to do to make sshd honor
>> /etc/hosts.allow on Debian(Knoppix)??? I suppose this is something
>> stupid I'll find right after I hit send but for the moment I am
>> scratching my head.
>>
>
> A few thoughts:
>
> http://www.snailbook.com/faq/libwrap.auto.html
>
> You could use a firewall on the local machine.
>
I have no desire to fiddle with Linux firewalling - I run one
application (ssh) and I secure it with tcp wrappers on BSD - can't
understand why its so much more work with Linux, but that does seem to
be the Linux configuration pornomantra - longer, harder, and more
frequent!!!
I really have to recompile sshd to get wrapper support under default
Linux installs? That is just sad ...
> Use the "AllowUsers" or "DenyUsers" in /etc/ssh/sshd_config.
>
This I was not familiar with and I'm going to go check it out ...
> hth,
> Kent
>
>
More information about the OLUG
mailing list