It certainly does and if you're using ssh2 it can be run using
tcp-wrappers.
-Rich
On Thu, 20 Apr 2000, Ron DuFresne wrote:
>
> as has already been hinted I think, does not ssh also allow one to acept
> and deny connections on the order of tcpd?
>
> Thanks,
>
> Ron DuFresne
>
>
> On Thu, 20 Apr 2000, Richard Noonan wrote:
>
> > For me passing any administrative data in the clear is unacceptable
> > and is prohibited by my employer. Were I in your situation I would be
> > allowing ssh in/out to a specified internal host accessed by
> > administrative staff only.
> >
> > -Rich
> >
> > On Thu, 20 Apr 2000, David Lang wrote:
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > >
> > > for the commercial firewalls I use the provided tool, for the other
> > > machines I use a one-time password to get through the firewall to them. It
> > > isn't perfect (data can be sniffed), but I take the position that if I am
> > > doing my job correctly it wouldn't matter if my root passwords were
> > > posted, noone could get to where they could use them.
> > >
> > > This is a decision I made based on my perception of the relative risks
> > > between
> > >
> > > 1. someone goes to the efort of getting the passwords and then finds an
> > > application bug that gets them on the machine where they can use them (in
> > > which case they may be getting on as root anyway)
> > >
> > > 2. inside people useing SSH to tunnel stuff through that I have no control
> > > over becouse "it's only for me and it's not really a risk anyway"
> > >
> > > David Lang
> > >
> > >
> > >
> > > On Thu, 20 Apr 2000, Mark E. Drummond
> > > wrote:
> > >
> > > > Date: Thu, 20 Apr 2000 15:38:06 -0400
> > > > From: Mark E. Drummond <[EMAIL PROTECTED]>
> > > > To: David Lang <[EMAIL PROTECTED]>
> > > > Cc: Firewalls <[EMAIL PROTECTED]>
> > > > Subject: Re: ssh defeats the firewall
> > > >
> > > > David Lang wrote:
> > > > >
> > > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > >
> > > > > This is exactly the reason why I do not allow SSH through the firewalls I
> > > > > manage.
> > > >
> > > > So do you do remote management of your UNIX boxen? If so, what do you
> > > > use?
> > > >
> > > > --
> > > > Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED]
> > > > UNIX System Administrator|Royal Military College of Canada
> > > > The Kingston Linux Users Group|http://signals.rmc.ca/klug/
> > > > Saving the World ... One CPU at a Time
> > > >
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: PGP 6.5.2
> > >
> > > iQEVAwUBOP9NJz7msCGEppcbAQE6iggAnEi5Hy5vSNe85OvQVdpVA8yuXYBASINr
> > > Jkd6OzMjLFg1wGmeRq/Mn3nxluOV6b1bvcSPRUKK1tWa4T0KF5vfFMT0G8gR4sW0
> > > NitqUmGKUw7RusdYghI1ZZjNgly7DuqiUfksGkj9dTFWqO8+A57eMUvHnqZN6afm
> > > gGaLOOYlUWG2roWELLDZ2QTs8e31ZuwBah5OnndoCRszDiRK8+1JRj0jDhSPann5
> > > rdTbt2j0K32rkK95nIogasO/keI1feK0mSPL/8rK30whWuH9fPO976rW48k2tfKv
> > > pGEQbky62Gc4jJkhAxb/U8ZKJDiO7aBAjZE33bI/o8/c0lMLidND3g==
> > > =uSjE
> > > -----END PGP SIGNATURE-----
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
> > --
> >
> >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D. Just don't touch anything.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
--
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
