On Tue, 4 Mar 2003, Kevin Kinsey, DaleCo, S.P. wrote:
> > him/her/it access to your sshd daemon.  NOTE: It is 'normally not a good
> > idea' to do this, but if you don't want to rebuild with a firewall
> > configured kernel it will suffice.
> >
> And the reason it's not a "good idea"?  I've always
> assumed it was because you didn't want to be
> on vacation, at a friend's house, or suddenly have
> your ISP switch subnets on you and lock you out
> of your box...
>
> Absolutely nothing wrong with denying the
> supposed "cracker's" IP; AAMOF, go over
> to ARIN or APNIC or such and ditch entire
> Class A nets that you'll never touch...I'll never
> be in SE Asia, for example...
>
> I use a dual strategy here.  One machine only
> trusts a second; on the second box I deny
> the known bad guyz and let most others try...
> ...Needless to say, the really important stuff
> is on the first box...
>

I was only quoting the default hosts.allow line for sshd which states:

# Wrapping sshd(8) is not normally a good idea...

This is no reason not to use it since in the man for sshd it states:

/etc/hosts.allow, /etc/hosts.deny
        Access controls that should be enforced by tcp-wrappers are
        defined here.  Further details are described in hosts_access(5).

R.
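The two-box arrangement described in the quoted message, written out as /etc/hosts.allow fragments. This is an added example, not part of the original thread; every address is a constructed placeholder from the documentation ranges, and the rules assume the `daemon : client : allow|deny` form that the stock FreeBSD hosts.allow uses.

```conf
# /etc/hosts.allow on the second box (reachable from outside):
# deny known-bad sources, let everyone else try.
# Rules are evaluated top to bottom and the first match wins, so if the
# file still begins with a catch-all "ALL : ALL : allow" line, that line
# has to be removed or moved below these rules or they never take effect.
sshd : 192.0.2.0/255.255.255.0 : deny      # placeholder "known bad" network
sshd : 198.51.100.0/255.255.255.0 : deny   # placeholder "known bad" network
sshd : ALL : allow

# /etc/hosts.allow on the first box (holds the important data):
# trust only the second box and refuse everything else.
# 203.0.113.10 is a placeholder for the second box's address.
sshd : 203.0.113.10 : allow
sshd : ALL : deny
```

The deny-by-default file on the first box is where the lockout risk raised in the thread applies, so keep an existing session open while testing it. `tcpdmatch sshd <address>` reports how a given client address would be treated without making a connection.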