On Thu, 4 Apr 2024 13:25:04 +0200, Stephan Seitz <stse+deb...@rootsland.net> wrote: >Am Di, Apr 02, 2024 at 13:30:43 +0200 schrieb Marc Haber: >>from being vulnerable to the current xz-based attack. Just having to >>dump an ALL: ALL into /etc/hosts.deny is vastly easier than having to >>maintain a packet filter. > >Stupid question, but if you put „ALL: ALL” into hosts.deny, couldn’t you >stop the ssh daemon instead? ALL: ALL will block your ssh access, so it >doesn’t matter if the daemon is running or not.
Of course there are sshd: lines in hosts.allow for "my" networks. Greetings Marc -- ---------------------------------------------------------------------------- Marc Haber | " Questions are the | Mailadresse im Header Rhein-Neckar, DE | Beginning of Wisdom " | Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402
