[arch-general] [arch-dev-public] dropping tcp_wrapper support
Thomas Bächler
thomas at archlinux.org
Sat Jul 16 16:58:07 EDT 2011
Am 16.07.2011 21:51, schrieb Peggy Wilkins:
> I have nothing to say against iptables and other full firewall
> solutions. However, for my part running a number of desktops for
> other people at work with only sshd as a service, tcp wrappers plus
> denyhosts (plus disabling password authentication for good measure)
> already does exactly what I want. Performance doesn't enter into this
> issue for us, we have so many spare CPU cycles it's comical.
If you don't enable password authentication, restricting access to the
ssh server on a per-host basis is completely unnecessary.
Anyway, sshd can be configured to deny connections depending on the
host, you don't need tcp_wrappers for that. It would require actually
reading a manpage though.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20110716/1bd85711/attachment.asc>
More information about the arch-general
mailing list