Re: Debian openssh option review: considering splitting out GSS-API key exchange
On Thu, 4 Apr 2024 13:25:04 +0200, Stephan Seitz
<stse+debian@rootsland.net> wrote:
>Am Di, Apr 02, 2024 at 13:30:43 +0200 schrieb Marc Haber:
>>from being vulnerable to the current xz-based attack. Just having to
>>dump an ALL: ALL into /etc/hosts.deny is vastly easier than having to
>>maintain a packet filter.
>
>Stupid question, but if you put „ALL: ALL” into hosts.deny, couldn’t you
>stop the ssh daemon instead? ALL: ALL will block your ssh access, so it
>doesn’t matter if the daemon is running or not.
Of course there are sshd: lines in hosts.allow for "my" networks.
Greetings
Marc
--
----------------------------------------------------------------------------
Marc Haber | " Questions are the | Mailadresse im Header
Rhein-Neckar, DE | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402
Reply to: