Security Risk? sshd: ALL

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
How much of a security risk would it be for me to add:
ssdh: ALL
to my tcp-wrappers hosts.allow?

Why you ask.  Good question.  I access my work from home ocassionally.  I am
using SSH to tunnel VNC.  However, at home I have a DHCP IP address, which
changes ocassionally (obviously).  So when that happens I can not connect
until the next day, when I go back to work and put in my NEW IP in

If I had "ssh: ALL" in my hosts.allow, then I could SSH in no matter the IP,
and go from there.

*** Problem: I am a worried about the security risk of adding sshd: ALL to
my hosts.allow.  Is this a risk?

*** Currently I use:
# hosts.deny

# hosts.allow
ALL: home IP

*** Propose:
# hosts.deny

# hosts.allow
ALL: home IP
sshd: ALL

This would allow me to SSH in after my DHCP lease expires, and change the
hosts.allow file to reflect my NEW IP.

Whada' think?


Re: Security Risk? sshd: ALL

Quoted text here. Click to load it

As a data point, I've had it that way for months and nothing bad's happened
yet.  Well, I've gotten "Did not receive identification string" nine times
in the last month... probably a port scan hit port 22.

Quoted text here. Click to load it

So you're proposing to make this change at work?  You could have the home
system mail its address to you at work, or put "sshd: <home address range>"
into hosts.allow.

Quoted text here. Click to load it

So could anybody else (with a username & password)... you have to decide if
that's OK.

Quoted text here. Click to load it

IME, apparently not a big one.  But I wouldn't do it if I could avoid it.
Logging into my machine remotely has been very handy a few times.

-eben    ebQenW1@EtaRmpTabYayU.rIr.OcoPm
An ASCII character walks into a bar and orders a double. "Having a bad
day?" asks the barman. "Yeah, I have a parity error," replies the ASCII
chrctr.  The barman says, "Yeah, I thght you looked a bit off." -- Skud

Site Timeline