Michael Leone on Wed, 26 Sep 2001 03:10:26 +0200



Re: [PLUG] SSH question


On Tue, 2001-09-25 at 17:28, gabriel rosenkoetter wrote:
> 
> Likewise, this is a problem solved very well by a good stateful
> firewall or, really, just by tcp_wrapping sshd. Note that a daemon
> does NOT have to be launched from /etc/inetd.conf in order to be
> tcp_wrapped... intelligent distros link all their daemons against
> libwrap, and OpenSSH's configure script will let you do the same.
> Any daemon linked against libwrap will honor access rules in
> /etc/host.{allow,deny}.

I considered that, but how can that help if my users are on dynamic IP
assignments from their ISP? It doesn't seem right to allow an ISP's
entire range of IPs, just in case. Even if it's really only my dept who
would access via SSH; I'm still trying to get a full VPN going using my
Cisco Pix, for common users. Problem is, the boss wants to make sure
that any home users who have WinME (ack! thfpt!) will be able to access
... and the cheap Cisco VPN client won't work with WinME; only the $150
version works with WinME. And they would prefer not to have to pay that
much, for any individual employee to be able to access the whole LAN
remotely. So, apparently NOBODY will be able to.

Makes a whole lotta sense, huh?

So, I'm investigating other options, no matter how limited.


-- 

------------------------------------------------------------------
Michael J. Leone                  Registered Linux user #201348 
<mailto:turgon@mike-leone.com>    ICQ: 50453890     AIM: MikeLeone

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
PGP public key:
<http://www.mike-leone.com/~turgon/turgon-public-key.gpg>

Taking a mental stroll through the psychic park of pleasure.

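The trade-off raised in this message, as an added example that is not part of the original email: a simplified Python model of the hosts.allow / hosts.deny evaluation order (not libwrap's code, IPv4 only). All addresses are constructed from documentation ranges and stand in for a static office host and an ISP's dynamic pool.

```python
import ipaddress

def client_matches(pattern, addr):
    """Match one client pattern: ALL, net/mask, 'a.b.c.' prefix, or exact IP."""
    if pattern == "ALL":
        return True
    if "/" in pattern:        # net/mask form, e.g. 198.51.100.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    if pattern.endswith("."):  # leading-octets form, e.g. "198.51.100."
        return addr.startswith(pattern)
    return pattern == addr

def rule_matches(rule, daemon, addr):
    """A rule is 'daemon_list : client_list'; lists split on commas/spaces."""
    daemons, clients = (f.split() for f in rule.replace(",", " ").split(":")[:2])
    if daemon not in daemons and "ALL" not in daemons:
        return False
    return any(client_matches(p, addr) for p in clients)

def access_granted(allow, deny, daemon, addr):
    """Evaluation order: a match in allow grants, else a match in deny
    refuses, else access is granted by default."""
    if any(rule_matches(r, daemon, addr) for r in allow):
        return True
    if any(rule_matches(r, daemon, addr) for r in deny):
        return False
    return True

# Constructed sample rule sets (not taken from the thread).
DENY = ["ALL: ALL"]                       # default-deny
ALLOW_STATIC = ["sshd: 192.0.2.10"]       # one known static address only
ALLOW_POOL = ["sshd: 192.0.2.10, 198.51.100.0/255.255.255.0"]  # whole ISP pool

# Constructed clients: the same home user on two leases, plus an
# unrelated customer of the same ISP.
HOME_TODAY, HOME_TOMORROW = "198.51.100.23", "198.51.100.187"
OTHER_CUSTOMER = "198.51.100.200"

def compare_policies():
    """Return {client: (static_policy_result, pool_policy_result)}."""
    clients = [HOME_TODAY, HOME_TOMORROW, OTHER_CUSTOMER]
    return {c: (access_granted(ALLOW_STATIC, DENY, "sshd", c),
                access_granted(ALLOW_POOL, DENY, "sshd", c)) for c in clients}

if __name__ == "__main__":
    for client, (static_ok, pool_ok) in compare_policies().items():
        print(f"{client}: static-only={static_ok} pool={pool_ok}")
```

The pool rule admits the home user on either lease, but it admits every other customer in that range as well, so address-based rules narrow exposure without identifying the user.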