ssh tcp wrapper vs ssh public keys

Daniel Carrillo daniel.carrillo at gmail.com
Sat Dec 19 12:12:06 UTC 2009


2009/12/18 MadTh <madan.feedback at gmail.com>

> Hi,
>
> While this question is very loosely linked to be discussed in this forum, I
> am tempted to ask this here, as I am sure there are enough experts here to
> provide helpful advice.
>
>
> Is there any advantage of using ssh public keys over passwd authentication
> ( other than that, it's just an additional security measure) when I am already
> using ssh tcp wrapper ( /etc/hosts.allow ; /etc/hosts.deny) and I know that
> the IP sources that are allowed to login from are fully trusted?
>
>
>  Or  how could a hacker be at a more advantageous position under following
> circumstances { also assume in another scenario that, say the hacker ( or
> script kiddie) got some sort of access from a web shell script ( like c99
> )}:
>
> 1) someone uses ssh public keys ( passwd authentication
>

You can combine the two behaviours directly, so you can restrict IPs or name
servers in the authorized_keys2 file, i.e.:

from="10.10.*.*,myserver.com" ssh-rsa AAAAB3.....

> 2) ssh tcp wrapper to allow only specific and highly trusted IPs
>

IMHO this is only useful with software like denyhosts and similar, that
require dynamic blocking.

By the way, the same can be done with iptables in a more proper manner.

Kind Regards.
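
Added example, not part of the original message: a small Python audit of authorized_keys content that reports which keys carry the from= restriction mentioned in the reply, which are unrestricted, and which have a pattern padded with whitespace (the list is comma-separated, so the space becomes part of the pattern). The function names, sample lines, placeholder key material and host names are assumptions made for illustration.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")  # a line starting with these has no options

def split_unquoted(text, seps):
    """Split text at any separator character found outside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for c in text:
        if c == '"' and prev != "\\":  # an escaped quote does not toggle quoting
            quoted = not quoted
        if c in seps and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += c
        prev = c
    return parts + [cur]

def audit_line(line):
    """Return (key_type, finding) for a key line, or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = [f for f in split_unquoted(line, " \t") if f]
    if fields[0].startswith(KEY_PREFIXES):
        return fields[0], "UNRESTRICTED: no from= option"
    key_type = fields[1] if len(fields) > 1 else "?"
    for opt in split_unquoted(fields[0], ","):
        name, _, value = opt.partition("=")
        if name.lower() == "from":  # option keywords are case-insensitive
            patterns = value.strip('"').split(",")
            # Whitespace becomes part of the pattern, so a padded entry will not match.
            bad = [p for p in patterns if not p or p != p.strip()]
            if bad:
                return key_type, "BROKEN: padded or empty pattern %r" % bad
            return key_type, "OK: limited to " + ",".join(patterns)
    return key_type, "UNRESTRICTED: no from= option"

def audit(text):
    """Audit authorized_keys content; returns [(line_number, key_type, finding)]."""
    rows = ((n, audit_line(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(n, r[0], r[1]) for n, r in rows if r]

# Constructed sample; key material and host names are placeholders.
SAMPLE = """\
from="10.10.*.*,myserver.example" ssh-rsa AAAAB3placeholder1 alice
ssh-rsa AAAAB3placeholder2 bob
command="/usr/local/bin/backup --tag a,from=b",no-pty ssh-rsa AAAAB3placeholder3 backup
from="10.10.*.*, myserver.example" ssh-rsa AAAAB3placeholder4 carol
"""
if __name__ == "__main__":
    print("\n".join("line %d %s: %s" % row for row in audit(SAMPLE)))
```

The third sample line shows why the options field has to be split with quote awareness: the text from=b sits inside a command="..." value and is not a source restriction.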


