Minimal Install Option
Pekka Savola
pekkas at netcore.fi
Thu Aug 21 17:50:14 UTC 2003
On Thu, 21 Aug 2003, Chris Ricker wrote:
> > I'm not sure you are disagreeing with me here. Are you saying don't
> > remote log in to a firewall at all, or are you agreeing with me?
>
> I'm disagreeing. The last thing a fw should do is run a service, let
> alone one with the security history of ssh.... Manage over serial.
Disagree. Set your access controls in /etc/hosts.allow for sshd and you're
done :-)
When I was building firewalls, I added a default deny for sshd in
/etc/hosts.allow in %post, and recommended to add hosts if necessary in
/etc/motd.
There is certainly a need for management, and out-of-band in this type of
device is certainly a non-starter.
--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
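
The default-deny setup described in the message above, sketched as a shell function that a kickstart %post could call. This is an added example, not part of the original post: the function name `set_sshd_wrappers`, the wording of the motd note and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are passed as arguments so
# the function can be tried on scratch files; in a kickstart %post they would
# be /etc/hosts.allow and /etc/motd.

# set_sshd_wrappers HOSTS_ALLOW MOTD [ALLOWED_HOST ...]
# Rewrites the sshd rules in HOSTS_ALLOW: one allow line per listed host,
# then a catch-all deny. tcp_wrappers stops at the first matching rule, so
# the allow lines have to come before the deny line.
set_sshd_wrappers() {
    allow_file=$1; motd_file=$2; shift 2
    tmp="${allow_file}.tmp.$$"
    touch "$allow_file" "$motd_file"

    # Keep every existing rule that is not an sshd rule, so reruns do not
    # pile up duplicate or stale sshd entries.
    grep -v -E '^[[:space:]]*sshd[[:space:]]*:' "$allow_file" > "$tmp" || true

    for host in "$@"; do
        printf 'sshd: %s\n' "$host" >> "$tmp"
    done
    # Default deny, using the hosts_options(5) syntax inside hosts.allow.
    printf 'sshd: ALL: DENY\n' >> "$tmp"
    mv "$tmp" "$allow_file"

    # Leave a pointer for the next administrator, written only once.
    note="sshd is default-deny: add management hosts to $allow_file"
    grep -q -F "$note" "$motd_file" || printf '%s\n' "$note" >> "$motd_file"
}
```

These rules only take effect when sshd is linked against libwrap; upstream OpenSSH removed that support in release 6.7, so on such builds the same policy has to be set in sshd_config or the packet filter instead.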