Re: hosts.(allow|deny)

To: debian-user@lists.debian.org
Subject: Re: hosts.(allow|deny)
From: Frank Copeland <fjc@thingy.apana.org.au>
Date: Sat, 8 Mar 2003 04:55:51 +0000 (UTC)
Message-id: <[🔎] slrnb6itum.es6.fjc@wossname.apana.org.au>
References: <[🔎] 20030307161324.GD31391@wacka.mjr.org> <[🔎] 50345.10.10.10.7.1047059014.squirrel@webmail.linuxpowered.net>

On 7 Mar 03 17:43:34 GMT, nate <debian-user@aphroland.org> wrote:
> Hugh Saunders said:
> 
>> But i thought it would be more secure to put ALL : ALL in hosts.deny and
>> then in.sshd : ALL in hosts.allow. This dosnt work[ssh connections are
>> refused], how do i specify that i want all hosts to be able to connect to
>> port 22?
> 
> 
> hosts.allow/deny can be tricky(one reason I don't use it), your situation
> should be fixed by changing in.sshd to sshd. Check  /var/log/daemon.log
> for the name of the daemon(s). You should see reject messages for the
> sshd service.
> 
> another reason I don't use it is I prefer firewalls over it.

IMHO hosts.allow/deny is far less tricky than a firewall, even when
using a high-level firewall-builder like shorewall. I use both; defence
in depth is a Good Thang(TM).

-- 
Frank Copeland
Home Page: <URL:http://thingy.apana.org.au/~fjc/> 
Not the Scientology Home Page: <URL:http://xenu.apana.org.au/ntshp/>

Keep it in Usenet. E-mail replies and 'courtesy' copies are not welcome.
If you're selling, I ain't buying.

Reply to:

References:
- hosts.(allow|deny)
  - From: Hugh Saunders <hugh@mjr.org>
- Re: hosts.(allow|deny)
  - From: "nate" <debian-user@aphroland.org>

Prev by Date: Re: Libranet to Sarge
Next by Date: Re: Need help using Belkin f5d5020 with network install
Previous by thread: Re: hosts.(allow|deny)
Next by thread: Re: hosts.(allow|deny)
Index(es):
- Date
- Thread