Minimal Install Option

Pekka Savola pekkas at netcore.fi
Thu Aug 21 17:50:14 UTC 2003


On Thu, 21 Aug 2003, Chris Ricker wrote:
> > I'm not sure you are disagreeing with me here. Are you saying don't
> > remote log in to a firewall at all, or are you agreeing with me?
> 
> I'm disagreeing. The last thing a fw should do is run a service, let 
> alone one with the security history of ssh.... Manage over serial.

Disagree. Set your access controls in /etc/hosts.allow for sshd and you're 
done :-)

When I was building firewalls, I added a default deny for sshd in 
/etc/hosts.allow in %post, and recommended to add hosts if necessary in 
/etc/motd.

There is certainly a need for management, and out-of-band in this type of 
device is certainly a non-starter.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
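
The setup described in the message above, sketched as an added example that is not part of the original post or of any Red Hat kickstart file: shell functions a %post section could call to put a catch-all deny for sshd into /etc/hosts.allow and to place allowed management hosts above it. The function names, the motd wording and the sample address are assumptions, and the `allow`/`deny` keywords assume a libwrap build with hosts_options(5) support.

```shell
#!/bin/sh
# Added example (hypothetical helper names). In a kickstart %post one would call:
#   install_sshd_default_deny /etc/hosts.allow
#   add_motd_hint /etc/motd
# Paths are parameters so the functions can be exercised on scratch files.

DENY_RULE='sshd : ALL : deny'

# Append the catch-all deny for sshd exactly once (safe to re-run).
install_sshd_default_deny() {
    file=$1
    touch "$file"
    grep -qxF "$DENY_RULE" "$file" || printf '%s\n' "$DENY_RULE" >> "$file"
}

# Allow one management host. hosts.allow stops at the first matching rule,
# so the allow line must sit above the catch-all deny, not after it.
allow_sshd_host() {
    file=$1
    client=$2
    rule="sshd : $client : allow"
    grep -qxF "$rule" "$file" && return 0
    tmp=$(mktemp) || return 1
    awk -v rule="$rule" -v deny="$DENY_RULE" '
        $0 == deny && !done { print rule; done = 1 }
        { print }
        END { if (!done) print rule }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Leave a reminder for the admin (constructed wording).
add_motd_hint() {
    motd=$1
    hint='sshd is denied by default: add management hosts to /etc/hosts.allow'
    touch "$motd"
    grep -qxF "$hint" "$motd" || printf '%s\n' "$hint" >> "$motd"
}
```

These rules only take effect when sshd is linked against libwrap; upstream OpenSSH removed that support in release 6.7, so on such builds the same default-deny has to come from packet filtering or sshd_config.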





More information about the fedora-test-list mailing list