Date: Wed, 19 Jan 2000 11:57:54 -0500 From: matt@csis.gvsu.edu To: net admin <admin@pacex.net> Cc: Marc Silver <marcs@is.co.za>, Stephan van Beerschoten <stephanb@luna.nl>, freebsd-security@FreeBSD.ORG Subject: Re: ssh-feature 'backdoor' Message-ID: <20000119115754.A5523@eos20.csis.gvsu.edu> In-Reply-To: <Pine.BSF.4.10.10001191332040.97611-100000@almazs.pacex.net>; from net admin on Wed, Jan 19, 2000 at 01:36:13PM -0800 References: <20000119165350.E8404@is.co.za> <Pine.BSF.4.10.10001191332040.97611-100000@almazs.pacex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
net admin said: > I am just going to sneak in to this thread and throw-in a question; > I have read in the ssh docs that tcp_wrappers do not give any added > security benefits is used with ssh, and some even suggested that best not > to have tcp_wrappers with ssh????\ > > Please elucidate as to why tcp_wrappers would give added security when > used with ssh. I prefer to use tcp_wrappers with ssh so all my access control is in one file. Compiling with tcp_wrappers is redundant if sshd is spawned from inetd. sshd has a redimentary host control directives, ie AllowHosts. I can't see any adverse effects of compiling ssh with tcp_wrappers. Someone correct me if I'm wrong. -matt -- http://www.csis.gvsu.edu/matt 03 F8 23 C5 43 A2 F7 5A 24 49 F7 B0 3A F9 B1 7F Try to understand everything, but believe nothing To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000119115754.A5523>