On 10/25/2006 14:13, Paul Schmehl wrote:
--On Wednesday, October 25, 2006 13:58:27 -0500 Eric Schuele <[EMAIL PROTECTED]> wrote:

Viewed from a slightly different angle...

If you are responsible for maintaining machine xyz, and you have used
tcpwrappers... chances are you'll eventually need access to that machine
from a location you did not previously expect.  Maybe you're sitting in the
airport and get a call that the machine is malfunctioning.  Maybe you are
on call at a social gathering.  In any case, you'll need access and if it
is using tcpwrappers, you may not gain access.

This is *definitely* something that you need to think through. I have two machines at work that are always on, so I can always ssh to them first, then to the server and edit the /etc/hosts.allow file to give myself temporary access, if needed. In general, I prefer to go through those hosts, rather than open another avenue that I may later forget to remove. Since everything I do on those servers (almost) is through ssh, it's not a problem for me to need an extra "hop" before I get to the box.

I'm confused. I was agreeing with you. I was simply adding another reason as to why the author of the "Wrapping sshd(8) is not normally a good idea" comment might have made the comment.

Are you saying that my comment above is incorrect? Or that there is a suitable workaround for the problem in my example scenario?

I also agree that using a jump box to gain access to the machine in question would work.

I think I've somehow missed your point.  Please explain.


Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/


--
Regards,
Eric
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
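
The temporary /etc/hosts.allow entry discussed in this thread only works if it sits above any catch-all deny, because tcpwrappers stops at the first matching rule. The sketch below is an added example, not code from either poster or from FreeBSD: it models a simplified subset of the `daemon : client : allow|deny` format (exact IPv4 addresses and `ALL` only). The function names and the documentation-range addresses are constructed for illustration.

```python
# Added example: simplified first-match evaluation of hosts.allow-style rules.
# Assumption: only "daemon : client : allow|deny" lines with exact IPv4
# addresses or ALL are modelled; real tcpwrappers supports far more patterns.

# Constructed sample: two always-on jump hosts may reach sshd, everyone else may not.
SAMPLE = """\
# jump hosts (constructed addresses from documentation ranges)
sshd : 192.0.2.10 : allow
sshd : 192.0.2.11 : allow
sshd : ALL : deny
"""

def parse(text):
    """Return a list of (daemons, clients, action) tuples in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) != 3 or parts[2].lower() not in ("allow", "deny"):
            raise ValueError(f"unsupported rule in this sketch: {raw!r}")
        daemons = parts[0].replace(",", " ").split()
        clients = parts[1].replace(",", " ").split()
        rules.append((daemons, clients, parts[2].lower()))
    return rules

def decide(rules, daemon, client_ip):
    """First matching rule wins; with no match, tcpwrappers grants access."""
    for daemons, clients, action in rules:
        if not any(d in ("ALL", daemon) for d in daemons):
            continue
        if any(c in ("ALL", client_ip) for c in clients):
            return action
    return "allow"

def with_temporary_access(text, daemon, client_ip):
    """Put the temporary allow at the top so it precedes any deny rule."""
    marker = "# TEMPORARY entry, remove after use\n"
    return f"{marker}{daemon} : {client_ip} : allow\n{text}"

if __name__ == "__main__":
    remote = "198.51.100.7"  # constructed "airport" address
    appended = SAMPLE + f"sshd : {remote} : allow\n"
    print("baseline :", decide(parse(SAMPLE), "sshd", remote))
    print("appended :", decide(parse(appended), "sshd", remote))
    fixed = with_temporary_access(SAMPLE, "sshd", remote)
    print("prepended:", decide(parse(fixed), "sshd", remote))
```

Appending the temporary line after the final deny leaves the remote address locked out, which is easy to miss when editing the file in a hurry from a jump host.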
