Michael Leone on Wed, 26 Sep 2001 03:10:26 +0200
On Tue, 2001-09-25 at 17:28, gabriel rosenkoetter wrote:
>
> Likewise, this is a problem solved very well by a good stateful
> firewall or, really, just by tcp_wrapping sshd. Note that a daemon
> does NOT have to be launched from /etc/inetd.conf in order to be
> tcp_wrapped... intelligent distros link all their daemons against
> libwrap, and OpenSSH's configure script will let you do the same.
> Any daemon linked against libwrap will honor access rules in
> /etc/host.{allow,deny}.

I considered that, but how can that help if my users are on dynamic IP assignments from their ISP? It doesn't seem right to allow an ISP's entire range of IPs, just in case.

Even if it's really only my dept who would access via SSH; I'm still trying to get a full VPN going using my Cisco Pix, for common users. Problem is, the boss wants to make sure that any home users who have WinME (ack! thfpt!) will be able to access ... and the cheap Cisco VPN client won't work with WinME; only the $150 version works with WinME. And they would prefer not to have to pay that much, for any individual employee to be able to access the whole LAN remotely. So, apparently NOBODY will be able to.

Makes a whole lotta sense, huh? So, I'm investigating other options, no matter how limited.

--
------------------------------------------------------------------
Michael J. Leone                 Registered Linux user #201348
<mailto:turgon@mike-leone.com>   ICQ: 50453890   AIM: MikeLeone

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
PGP public key: <http://www.mike-leone.com/~turgon/turgon-public-key.gpg>

Taking a mental stroll through the psychic park of pleasure.