Re: tcpwrappers & SSH

2006-10-25 Thread Paul Schmehl
--On Wednesday, October 25, 2006 14:35:29 -0500 Eric Schuele <[EMAIL PROTECTED]> wrote: I'm confused. I was agreeing with you. I was simply adding another reason as to why the author of the "Wrapping sshd(8) is not normally a good idea" comment might have made the comment. Are you saying that

Re: tcpwrappers & SSH

2006-10-25 Thread Eric Schuele
On 10/25/2006 14:13, Paul Schmehl wrote: --On Wednesday, October 25, 2006 13:58:27 -0500 Eric Schuele <[EMAIL PROTECTED]> wrote: Viewed from a slightly different angle... If you are responsible for maintaining machine xyz, and you have used tcpwrappers... chances are you'll eventually need acc

Re: tcpwrappers & SSH

2006-10-25 Thread doug
On Wed, 25 Oct 2006, Eric Schuele wrote: On 10/25/06 09:56, Paul Schmehl wrote: --On Wednesday, October 25, 2006 12:08:26 +0400 Рихад Гаджиев <[EMAIL PROTECTED]> wrote: A comment in /etc/hosts.allow states that: Wrapping sshd(8) is not normally a good idea Why? Is it because such restrict

Re: tcpwrappers & SSH

2006-10-25 Thread Paul Schmehl
--On Wednesday, October 25, 2006 13:58:27 -0500 Eric Schuele <[EMAIL PROTECTED]> wrote: Viewed from a slightly different angle... If you are responsible for maintaining machine xyz, and you have used tcpwrappers... chances are you'll eventually need access to that machine from a location you di

Re: tcpwrappers & SSH

2006-10-25 Thread Eric Schuele
On 10/25/06 09:56, Paul Schmehl wrote: --On Wednesday, October 25, 2006 12:08:26 +0400 Рихад Гаджиев <[EMAIL PROTECTED]> wrote: A comment in /etc/hosts.allow states that: Wrapping sshd(8) is not normally a good idea Why? Is it because such restrictions should naturally be made using a firewal

Re: tcpwrappers & SSH

2006-10-25 Thread Paul Schmehl
--On Wednesday, October 25, 2006 12:08:26 +0400 Рихад Гаджиев <[EMAIL PROTECTED]> wrote: A comment in /etc/hosts.allow states that: Wrapping sshd(8) is not normally a good idea Why? Is it because such restrictions should naturally be made using a firewall/PAM/sshd itself/whatever? I think GENE

Re: tcpwrappers & SSH

2006-10-25 Thread Brian A. Seklecki
On Wed, 25 Oct 2006, Alex Zbyslaw wrote: Рихад Гаджиев wrote: A comment in /etc/hosts.allow states that: Wrapping sshd(8) is not normally a good idea With tcpwrappers, you still have to open a socket and burn cycles/ram/resources on the 3-way, followed by a quick RST. With pf(4), you can

Re: tcpwrappers & SSH

2006-10-25 Thread Alex Zbyslaw
Рихад Гаджиев wrote: A comment in /etc/hosts.allow states that: Wrapping sshd(8) is not normally a good idea Why? Is it because such restrictions should naturally be made using a firewall/PAM/sshd itself/whatever? I think GENERIC sshd wouldn't have been built with libwrap support in the first