Re: Debian openssh option review: considering splitting out GSS-API key exchange

To: debian-devel@lists.debian.org
Subject: Re: Debian openssh option review: considering splitting out GSS-API key exchange
From: Stephan Seitz <stse+debian@rootsland.net>
Date: Thu, 4 Apr 2024 13:25:04 +0200
Message-id: <[🔎] 20240404T132217.blubb.aee96.stse@fsing.rootsland.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] E1rrcLj-00000000PhY-0uI1@swivel>
References: <[🔎] ZgtRkoAZ13zPzgjN@riva.ucam.org> <[🔎] E1rrcLj-00000000PhY-0uI1@swivel>

Am Di, Apr 02, 2024 at 13:30:43 +0200 schrieb Marc Haber:

from being vulnerable to the current xz-based attack. Just having to
dump an ALL: ALL into /etc/hosts.deny is vastly easier than having to
maintain a packet filter.

Stupid question, but if you put „ALL: ALL” into hosts.deny, couldn’t youstop the ssh daemon instead? ALL: ALL will block your ssh access, so itdoesn’t matter if the daemon is running or not.


	Stephan

--
|    If your life was a horse, you'd have to shoot it.    |

Reply to:

Follow-Ups:
- Re: Debian openssh option review: considering splitting out GSS-API key exchange
  - From: Marc Haber <mh+debian-devel@zugschlus.de>

References:
- Debian openssh option review: considering splitting out GSS-API key exchange
  - From: Colin Watson <cjwatson@debian.org>
- Re: Debian openssh option review: considering splitting out GSS-API key exchange
  - From: Marc Haber <mh+debian-devel@zugschlus.de>

Prev by Date: Re: Debian openssh option review: considering splitting out GSS-API key exchange
Next by Date: Re: Debian openssh option review: considering splitting out GSS-API key exchange
Previous by thread: Re: Debian openssh option review: considering splitting out GSS-API key exchange
Next by thread: Re: Debian openssh option review: considering splitting out GSS-API key exchange
Index(es):
- Date
- Thread