--On Wednesday, October 25, 2006 13:58:27 -0500 Eric Schuele
<[EMAIL PROTECTED]> wrote:
This is *definitely* something that you need to think through. I have two
machines at work that are always on, so I can always ssh to them first,
then to the server and edit the /etc/hosts.allow file to give myself
temporary access, if needed. In general, I prefer to go through those
hosts, rather than open another avenue that I may later forget to remove.
Since everything I do on those servers (almost) is through ssh, it's not a
problem for me to need an extra "hop" before I get to the box.
Viewed from a slightly different angle...
If you are responsible for maintaining machine xyz, and you have used
tcpwrappers... chances are you'll eventually need access to that machine
from a location you did not previously expect. Maybe your sitting in the
airport and get a call that the machine is malfunctioning. Maybe you are
on call at a social gathering. In any case, you'll need access and if it
is using tcpwrappers, you may not gain access.
Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas