tcpwrappers & SSH
pauls at utdallas.edu
Wed Oct 25 19:16:36 UTC 2006
--On Wednesday, October 25, 2006 13:58:27 -0500 Eric Schuele
<e.schuele at computer.org> wrote:
> Viewed from a slightly different angle...
> If you are responsible for maintaining machine xyz, and you have used
> tcpwrappers... chances are you'll eventually need access to that machine
> from a location you did not previously expect. Maybe you're sitting in the
> airport and get a call that the machine is malfunctioning. Maybe you are
> on call at a social gathering. In any case, you'll need access and if it
> is using tcpwrappers, you may not gain access.
This is *definitely* something that you need to think through. I have two
machines at work that are always on, so I can always ssh to them first,
then to the server and edit the /etc/hosts.allow file to give myself
temporary access, if needed. In general, I prefer to go through those
hosts, rather than open another avenue that I may later forget to remove.
Since everything I do on those servers (almost) is through ssh, it's not a
problem for me to need an extra "hop" before I get to the box.
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
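
An added example, not part of the original message: a small shell audit that lists sshd clients allowed in a hosts.allow-style file that are not on the expected jump-host list, so a temporary entry is not forgotten. The function names, the sample file, and the addresses (documentation ranges) are constructed; it assumes one rule per line, IPv4 or hostname patterns only, and the FreeBSD-style trailing `allow`/`deny` option.

```shell
#!/bin/sh
# Added example: find sshd clients in a hosts.allow-style file that are not
# on the expected jump-host list (e.g. a forgotten temporary entry).
# Assumptions: no backslash continuations, no bracketed IPv6 patterns,
# rules end in an optional "allow" or "deny" option.

# write_sample FILE: constructed sample rules, not taken from a real host.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
sshd : 192.0.2.10 192.0.2.11 : allow
sshd : 198.51.100.77 : allow   # temporary, added while travelling
sshd : ALL : deny
sendmail : ALL : allow
EOF
}

# unexpected_sshd_clients FILE EXPECTED...
# Prints, one per line, every client pattern allowed for sshd (or for ALL
# daemons) that is not in the EXPECTED list.
unexpected_sshd_clients() {
    file=$1; shift
    awk -v expected="$*" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        { sub(/#.*/, "") }                      # strip comments
        NF == 0 { next }                        # skip blank lines
        {
            nf = split($0, f, ":")
            if (nf < 2) next
            hit = 0                             # does the rule cover sshd?
            nd = split(f[1], d, /[ \t,]+/)
            for (i = 1; i <= nd; i++) if (d[i] == "sshd" || d[i] == "ALL") hit = 1
            if (!hit) next
            deny = 0                            # deny rules grant nothing
            for (i = 3; i <= nf; i++) { o = f[i]; gsub(/[ \t]/, "", o); if (o == "deny") deny = 1 }
            if (deny) next
            nc = split(f[2], c, /[ \t,]+/)
            for (i = 1; i <= nc; i++) if (c[i] != "" && !(c[i] in ok)) print c[i]
        }
    ' "$file"
}
```

Run it as `unexpected_sshd_clients /etc/hosts.allow <jump host 1> <jump host 2>`; any output is an entry to review or remove.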