Am Die, 2002-06-25 um 18.10 schrieb Olaf Kirch:
- if you do not need external access to your SSH daemons, turn off the SSH service on these machine completely, or block external access at the firewall.
- if you do need external access to your SSH daemons, make sure you restrict the hosts that it will talk to by setting appropriate firewall rules.
If, for some reason, you cannot configure your firewall to block external SSH access, you can also restrict access through /etc/hosts.allow;
Hmm - I need to administer a remote machine hosted at a server farm. By no means can I afford to lock myself out of that system by upgrading ssh, as several people have reported on this list. Nor can I use host-based access control reasonably, because I login from a large dialin provider with changing IP address & hostname. I am very certain I am not alone with this problem. Do you have any advice how to proceed ? Being able to install the new version in parallel to the old one and only disable the old one when the new one proves to work would be a nice option. Martin