Date: Sat, 6 Jan 2001 00:32:33 -0700
From: John Reynolds <jjreynold@home.com>
To: questions@freebsd.org
Subject: /etc/hosts.allow -- sshd a "bad idea"? Why?
Message-ID: <14934.51729.912996.493818@whale.home-net>

Hello all,

I was experimenting with /etc/hosts.allow tonight learning how to shut the world out of some services while keeping certain things open to certain "friendly" domains. I thought I'd had everything all set up and working the way I wanted to, then I tried to ssh into the box I was experimenting on from my main workstation. I got this:

    Bad remote protocol version identification: 'You are not welcome to use sshd from whale. '

which stems from the "default" line near the bottom of /etc/hosts.allow which I left intact:

    # The rest of the daemons are protected.
    ALL : ALL \
        : severity auth.info \
        : twist /bin/echo "You are not welcome to use %d from %h."

I saw the lines which read:

    # Wrapping sshd(8) is not normally a good idea, but if you
    # need to do it, here's how
    #sshd : .evil.cracker.example.com : deny

but not knowing exactly what to do (since I run sshd as a daemon not via inetd--or at least I thought) I put the line:

    sshd : ALL : allow

and I was then able to ssh into this machine (from inside my network and outside).

Why is this "not normally a good idea"? It seems as if I've had it working this way "forever" on this machine because until tonight, I've had the default /etc/hosts.allow installed which contains the ALL : ALL : allow rule.

Can somebody shed some light on this?

Thanks,

-Jr

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
John Reynolds          Chandler Capabilities Engineering, CDS, Intel Corporation
jreynold@sedona.ch.intel.com  My opinions are mine, not Intel's. Running
jjreynold@home.com          FreeBSD 4.1.1-STABLE. FreeBSD: The Power to Serve.
http://www.reynoldsnet.org/  Come join us!!! @ http://www.FreeBSD.org/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
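
Added example, not part of the original message: a simplified Python model of first-match rule evaluation in /etc/hosts.allow, showing why the catch-all rule quoted above answered the ssh client with its twist text and why an sshd rule only takes effect when it comes before that rule. The function names are hypothetical and this is not libwrap's code; only ALL, exact names and leading-dot domain patterns are modelled.

```python
# Simplified model of first-match evaluation in /etc/hosts.allow (extended
# hosts_options(5) syntax). Not libwrap: "\:" escapes are not handled.
# CATCH_ALL is constructed from the catch-all rule quoted in the message.
CATCH_ALL = r'''# The rest of the daemons are protected.
ALL : ALL \
    : severity auth.info \
    : twist /bin/echo "You are not welcome to use %d from %h."
'''

def parse_rules(text):
    """Join backslash-continued lines, skip comments, return rule tuples."""
    rules, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        fields = [f.strip() for f in (pending + line).split(":")]
        pending = ""
        if len(fields) >= 2:
            rules.append((fields[0].split(), fields[1].split(), fields[2:]))
    return rules

def matches(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):          # ".example.com" matches any host in it
        return value.endswith(pattern)
    return pattern == value

def decide(rules, daemon, client):
    """Return (verdict, expanded twist command or None) for the first match."""
    for daemons, clients, options in rules:
        if not (any(matches(d, daemon) for d in daemons)
                and any(matches(c, client) for c in clients)):
            continue
        for opt in options:
            if opt.startswith("twist"):  # %d = daemon name, %h = client host
                cmd = opt[len("twist"):].strip()
                return "twist", cmd.replace("%d", daemon).replace("%h", client)
        return ("deny" if "deny" in options else "allow"), None
    return "no match", None              # the search ends at the first match

if __name__ == "__main__":
    allow = "sshd : ALL : allow\n"
    for text in (CATCH_ALL, allow + CATCH_ALL, CATCH_ALL + allow):
        print(decide(parse_rules(text), "sshd", "whale"))
```

The third case, with the sshd rule placed after the catch-all, still yields the twist verdict because evaluation stops at the first matching rule.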