Date: Wed, 25 Oct 2006 14:13:40 -0500 From: Paul Schmehl <pauls@utdallas.edu> To: freebsd-questions@freebsd.org Subject: Re: tcpwrappers & SSH Message-ID: <12CC13AA49D069C7FAD7B7B2@utd59514.utdallas.edu> In-Reply-To: <453FB3D3.4030308@computer.org> References: <E1GcdoI-000MsQ-00.rihad-mail-ru@f48.mail.ru> <25EF2257D42835E7C800F7AB@utd59514.utdallas.edu> <453FB3D3.4030308@computer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--On Wednesday, October 25, 2006 13:58:27 -0500 Eric Schuele <e.schuele@computer.org> wrote: > > Viewed from a slightly different angle... > > If you are responsible for maintaining machine xyz, and you have used > tcpwrappers... chances are you'll eventually need access to that machine > from a location you did not previously expect. Maybe your sitting in the > airport and get a call that the machine is malfunctioning. Maybe you are > on call at a social gathering. In any case, you'll need access and if it > is using tcpwrappers, you may not gain access. > This is *definitely* something that you need to think through. I have two machines at work that are always on, so I can always ssh to them first, then to the server and edit the /etc/hosts.allow file to give myself temporary access, if needed. In general, I prefer to go through those hosts, rather than open another avenue that I may later forget to remove. Since everything I do on those servers (almost) is through ssh, it's not a problem for me to need an extra "hop" before I get to the box. Paul Schmehl (pauls@utdallas.edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?12CC13AA49D069C7FAD7B7B2>