[TriLUG] Hostsallow, hostsdeny question
MG
mgmonza at gmail.com
Wed Mar 19 12:05:44 EDT 2008
Thanks - looks like keys are the way to go.
MG
Alan Porter wrote:
>> The firestarter event log has ME getting paranoid.
>>
>
> Note that hosts.allow and hosts.deny are only used by programs that
> are linked with libwrap (xinetd is, lots of other server apps are).
> Some applications may just be listening on external interfaces without
> checking host.allow/deny.
>
> If you're truly paranoid, make sure your firewall rules are tight.
> Use SSH keys instead of passwords [1]. And you might even want to
> install "knock", a very easy-to-use port knocking client and server.
>
> Alan
>
>
> [1] $ cat /etc/ssh/sshd_config
> PermitRootLogin yes
> PasswordAuthentication no
> ChallengeResponseAuthentication no
> UsePAM no
>
>
>
>
>
>
> .
>
More information about the TriLUG
mailing list