Re: ssh_exchange_identification: Connection closed by remote host PART II
On Sun, 24 Mar 2002 08:46:00 +0100, Sven Hoexter wrote:
>On Sat, Mar 23, 2002 at 01:09:37PM -0800, Jaye Inabnit ke6sls wrote:
>> My question now is this: do I need to make these hosts_allow entries into
>> each of my linux computers? I still find it very odd that all the other
>> computers were able to connect to my firewall/router as it was, and only my
>> Woody box was banned from connecting.
>IIRC it helps fixing your DNS problem. The real problem is that in
>/etc/hosts.deny is ALL:PARANOID set. This entry blocks all hosts that
>have an invalid or no PTR record.
My understanding has been that /etc/hosts.deny ALL:PARANOID is a good
thing (tm), in that visitors not invited in, are kicked out. Which is
your objection in this case. /etc/hosts.allow is tested first and if a
match is found, then hosts.deny is never tested. Thus, you can "allow"
your whole LAN by:
    ALL : 192.168.0. # <--note the trailing "."
or a piece of it:
    ALL : 192.168.0. EXCEPT 192.168.0.46 # or
    ALL : .foo.bar EXCEPT honker.foo.bar # note leading "."
Won't these general allows eliminate the need to edit each host for each
addition/subtraction on your net? If ALL : PARANOID is not used in
hosts.deny, then any host not specifically denied, is allowed. That
seems to me to be a bad thing (tm). In the above example, everybody in
the world except honker is let in.
If this is not germane to the thread, I apologize. If it is wrong, I
It is interesting to note that as one evil empire (generic) fell,
another Evil Empire (tm) began its nefarious rise. -- me
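
Added example (not part of the original message): a simplified Python model of the hosts.allow / hosts.deny lookup order discussed above. It assumes a libwrap built without -DPARANOID, so that PARANOID is evaluated as an ordinary rule; the function names and the sample clients are constructed for illustration.

```python
# Simplified model of the hosts_access(5) decision order (added example).
# A client is (address, hostname or None, dns_ok); dns_ok=False means the
# name/address consistency check failed, which is what PARANOID matches.

def pattern_matches(pat, addr, name, dns_ok):
    if pat == "ALL":
        return True
    if pat == "PARANOID":
        return not dns_ok
    if pat.endswith("."):                  # address prefix, e.g. "192.168.0."
        return addr.startswith(pat)
    if pat == addr:                        # exact address
        return True
    if not dns_ok or name is None:         # name patterns need a verified name
        return False
    if pat.startswith("."):                # domain suffix, e.g. ".foo.bar"
        return name.lower().endswith(pat.lower())
    return name.lower() == pat.lower()     # exact host name

def list_matches(tokens, client):
    # "list_1 EXCEPT list_2": matches list_1 unless it also matches list_2
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (list_matches(tokens[:i], client)
                and not list_matches(tokens[i + 1:], client))
    return any(pattern_matches(t, *client) for t in tokens)

def table_matches(rules, daemon, client):
    for line in rules:
        daemons, clients = [f.strip() for f in line.split(":")[:2]]
        names = daemons.replace(",", " ").split()
        if ("ALL" in names or daemon in names) and \
                list_matches(clients.replace(",", " ").split(), client):
            return True
    return False

def access(allow, deny, daemon, client):
    if table_matches(allow, daemon, client):
        return "allow"                     # hosts.deny is never consulted
    if table_matches(deny, daemon, client):
        return "deny"
    return "allow"                         # no match in either file

# Constructed sample tables and clients
ALLOW = ["ALL : 192.168.0. EXCEPT 192.168.0.46"]
DENY = ["ALL : PARANOID"]
lan_bad_dns = ("192.168.0.12", None, False)
lan_excepted = ("192.168.0.46", "honker.foo.bar", True)
outside_bad_dns = ("203.0.113.9", "host.example.net", False)
```

In this model a client that matches no rule in either file, including one excluded only by EXCEPT, falls through to the final "allow"; a catch-all such as ALL : ALL in hosts.deny is what closes that path.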