
Re: ssh_exchange_identification: Connection closed by remote host PART II



On Sun, 24 Mar 2002 08:46:00 +0100, Sven Hoexter wrote:

>On Sat, Mar 23, 2002 at 01:09:37PM -0800, Jaye Inabnit ke6sls wrote:

>> My question now is this:  do I need to make these hosts_allow entries into 
>> each of my linux computers?  I still find it very odd that all the other 
>> computers were able to connect to my firewall/router as it was, and only my 
>> Woody box was banned from connecting.  
>IIRC it helps fixing your DNS problem. The real problem is that in
>/etc/hosts.deny is ALL:PARANOID set. This entry blocks all hosts that
>have an invalid or no PTR record.

My understanding has been that /etc/hosts.deny  ALL:PARANOID is a good
thing (tm), in that visitors not invited in, are kicked out.  Which is
your objection in this case.  /etc/hosts.allow is tested first and if a
match is found, then hosts.deny is never tested.  Thus, you can "allow"
your whole LAN by:

ALL : 192.168.0.  # <--note the trailing "."

or a piece of it:

ALL : 192.168.0. EXCEPT 192.168.0.46    # or
ALL : .foo.bar EXCEPT honker.foo.bar  # note leading "."

Won't these general allows eliminate the need to edit each host for each
addition/subtraction on your net?  If ALL : PARANOID is not used in
hosts.deny, then any host not specifically denied, is allowed.  That
seems to me to be a bad thing (tm).  In the above example, everybody in
the world except honker is let in.

If this is not germane to the thread, I apologize.  If it is wrong, I
seek instruction.
--
gt
It is interesting to note that as one evil empire (generic) fell,
another Evil Empire (tm)  began its nefarious rise. -- me
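
Added example, not part of the original message: a simplified Python model of the hosts_access(5) decision order (hosts.allow first, then hosts.deny, otherwise grant), covering only the pattern forms used above. The clients, the rule strings and the `name_ok` flag (standing in for "name matches its address") are constructed assumptions, and the daemon field is ignored.

```python
# Added example: simplified model of the hosts_access(5) decision order.
# Only the client-list forms used in this message are modelled; the daemon
# field is read but ignored (every rule is treated as "ALL").
from collections import namedtuple

# name_ok=False models a client whose name does not match its address.
Client = namedtuple("Client", "addr name name_ok")

def match_one(pat, c):
    """Match one client pattern against the address and the verified name."""
    if pat == "ALL":
        return True
    if pat == "PARANOID":
        return not c.name_ok
    if pat.endswith("."):                     # address prefix: 192.168.0.
        return c.addr.startswith(pat)
    name = c.name.lower() if c.name_ok else None  # unverified names never match
    if pat.startswith("."):                   # domain suffix: .foo.bar
        return name is not None and name.endswith(pat.lower())
    return pat == c.addr or pat.lower() == name

def match_list(tokens, c):
    """'a b EXCEPT c' matches when a or b matches and c does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return match_list(tokens[:i], c) and not match_list(tokens[i + 1:], c)
    return any(match_one(t, c) for t in tokens)

def decide(allow, deny, c):
    """hosts.allow first, then hosts.deny; no match in either grants access."""
    def rules(text):
        return [l.split(":", 1)[1].split() for l in text.splitlines() if ":" in l]
    if any(match_list(r, c) for r in rules(allow)):
        return "allow"
    if any(match_list(r, c) for r in rules(deny)):
        return "deny"
    return "allow (default)"

# Constructed sample rules and clients (not taken from a real network).
ALLOW = "ALL : 192.168.0. EXCEPT 192.168.0.46\nALL : .foo.bar EXCEPT honker.foo.bar"
lan_bad_dns = Client("192.168.0.10", "woody.lan", False)
honker = Client("203.0.113.5", "honker.foo.bar", True)
stranger = Client("198.51.100.7", "x.example.net", False)

if __name__ == "__main__":
    for deny in ("", "ALL : PARANOID", "ALL : ALL"):
        for c in (lan_bad_dns, honker, stranger):
            print(f"deny={deny!r:17} {c.addr:13} -> {decide(ALLOW, deny, c)}")
```

In this model a host excluded by EXCEPT in hosts.allow is only refused when some hosts.deny rule matches it; with an empty hosts.deny it falls through to the default grant.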

