--On Wednesday, October 25, 2006 12:08:26 +0400 Рихад Гаджиев
<[EMAIL PROTECTED]> wrote:
A comment in /etc/hosts.allow states that:
Wrapping sshd(8) is not normally a good idea
Why? Is it because such restrictions should naturally be made using a
firewall/PAM/sshd itself/whatever? I think GENERIC sshd wouldn't have
been built with libwrap support in the first place. Or?
Because maintaining the access list can be quite ponderous if you have a
lot of users.
I maintain a hobby website that only has two shell accounts. I use
hosts.allow for ssh because it gets rid of the brute-force crap. But even
for two users, the list of hosts/networks that are allowed is 10 or 15.
Imagine what it would be if you have a hundred users...or a thousand.
Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
