[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-devel
Subject:    Re: Debian openssh option review: considering splitting out GSS-API key exchange
From:       Marc Haber <mh+debian-devel () zugschlus ! de>
Date:       2024-04-04 17:08:02
Message-ID: E1rsQZG-000000008rD-2ISK () swivel
[Download RAW message or body]

On Thu, 4 Apr 2024 13:25:04 +0200, Stephan Seitz
<stse+debian@rootsland.net> wrote:
>Am Di, Apr 02, 2024 at 13:30:43 +0200 schrieb Marc Haber:
>>from being vulnerable to the current xz-based attack. Just having to
>>dump an ALL: ALL into /etc/hosts.deny is vastly easier than having to
>>maintain a packet filter.
>
>Stupid question, but if you put „ALL: ALL" into hosts.deny, couldn't you 
>stop the ssh daemon instead? ALL: ALL will block your ssh access, so it 
>doesn't matter if the daemon is running or not.

Of course there are sshd: lines in hosts.allow for "my" networks.

Greetings
Marc
-- 
----------------------------------------------------------------------------
Marc Haber         |   " Questions are the         | Mailadresse im Header
Rhein-Neckar, DE   |     Beginning of Wisdom "     | 
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402

[prev in list] [next in list] [prev in thread] [next in thread]