[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian openssh option review: considering splitting out GSS-API key exchange

On Thu, 4 Apr 2024 13:25:04 +0200, Stephan Seitz
<stse+debian@rootsland.net> wrote:
>Am Di, Apr 02, 2024 at 13:30:43 +0200 schrieb Marc Haber:
>>from being vulnerable to the current xz-based attack. Just having to
>>dump an ALL: ALL into /etc/hosts.deny is vastly easier than having to
>>maintain a packet filter.
>
>Stupid question, but if you put „ALL: ALL” into hosts.deny, couldn’t you 
>stop the ssh daemon instead? ALL: ALL will block your ssh access, so it 
>doesn’t matter if the daemon is running or not.

Of course there are sshd: lines in hosts.allow for "my" networks.

Greetings
Marc
-- 
----------------------------------------------------------------------------
Marc Haber         |   " Questions are the         | Mailadresse im Header
Rhein-Neckar, DE   |     Beginning of Wisdom "     | 
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402
Reply to: