[TriLUG] Hostsallow, hostsdeny question
Joseph E. ODoherty
joey at odoherty.net
Wed Mar 19 23:21:11 EDT 2008
Denyhosts is also helpful in this regard: http://denyhosts.sf.net/
On Wed, Mar 19, 2008 at 12:05:44PM -0400, MG wrote:
> Thanks - looks like keys are the way to go.
>
> MG
>
> Alan Porter wrote:
> >> The firestarter event log has ME getting paranoid.
> >>
> >
> > Note that hosts.allow and hosts.deny are only used by programs that
> > are linked with libwrap (xinetd is, lots of other server apps are).
> > Some applications may just be listening on external interfaces without
> > checking hosts.allow/deny.
> >
> > If you're truly paranoid, make sure your firewall rules are tight.
> > Use SSH keys instead of passwords [1]. And you might even want to
> > install "knock", a very easy-to-use port knocking client and server.
> >
> > Alan
> >
> >
> > [1] $ cat /etc/ssh/sshd_config
> > PermitRootLogin yes
> > PasswordAuthentication no
> > ChallengeResponseAuthentication no
> > UsePAM no
> >
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
--
pub 1024D/B663781B 2001-11-13 Joey O'Doherty <joey(at)odoherty(dot)net>
Key fingerprint = F76B 9ACA 4197 C707 6E4D 2B78 E430 101A B663 781B
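
The libwrap point in Alan's quoted message can be checked per binary. The script below is an added example, not part of the original thread; the function names and the sample ldd listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a daemon binary link against libwrap, i.e. can
# hosts.allow / hosts.deny affect it at all?

# Succeeds if the ldd-style listing on stdin names libwrap.
links_libwrap() {
    grep -q 'libwrap\.so'
}

# Prints "wrapped", "not-wrapped" or "unknown" for one binary.
# Run ldd only on binaries you trust: some ldd implementations invoke
# the program's loader to resolve its libraries.
classify() {
    [ -f "$1" ] || { echo unknown; return 0; }
    if out=$(ldd "$1" 2>/dev/null); then
        if printf '%s\n' "$out" | links_libwrap; then
            echo wrapped
        else
            echo not-wrapped
        fi
    else
        echo unknown    # static or unreadable binary: ldd cannot tell
    fi
}

# Constructed ldd listing for a libwrap-linked daemon (not from a real host).
sample_wrapped() {
    cat <<'EOF'
    libwrap.so.0 => /lib/libwrap.so.0 (0x00007f0000200000)
    libc.so.6 => /lib/libc.so.6 (0x00007f0000000000)
EOF
}

# Constructed ldd listing for a daemon with no libwrap dependency.
sample_plain() {
    cat <<'EOF'
    libcrypto.so.3 => /lib/libcrypto.so.3 (0x00007f0000400000)
    libc.so.6 => /lib/libc.so.6 (0x00007f0000000000)
EOF
}

# Usage: sh check_libwrap.sh /path/to/daemon ...   (script name is hypothetical)
for bin in "$@"; do
    printf '%s\t%s\n' "$(classify "$bin")" "$bin"
done
```

A "not-wrapped" result means the binary has no dynamic libwrap dependency, so access to that service has to be restricted by the firewall or by the daemon's own configuration.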