Rich Shepard wrote: > On Wed, 6 May 2009, m0gely wrote: > >> If you're using an up-to-date sshd, and employ good password practices, >> what's the point of doing all this? Honest question. > > The firewall appliance replaced the old floppyfw that ran for years. It's > silent, small, and works. The denyhosts is an addition to the > /etc/hosts.allow and the sshd requirement for access only for those users in > /etc/passwd. Didn't use that for years, but an extra layer doesn't hurt > anything and has no overhead that I see.
Overhead exists in installation, setup, updating, and maintenance of another service. Denyhosts has its own vulnerabilities from time to time. More services create more attack vectors. This isn't a criticism. I was just curious as to the reasons. -- m0gely _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
