Feature disappeared?
Gert Doering
gert at greenie.muc.de
Mon Oct 30 20:57:19 EST 2000
Hi,
working on tightening our network (somewhat) today, I found that OpenSSH
doesn't seem to have the "AllowSHosts" directive (in sshd_config) that
Commercial SSH (at least 1.2.25 & up) has.
Now I wonder whether that hasn't been implemented yet, or has been dropped
for a certain reason.
I find this very useful for what I want to achieve - inside the company
network, .shosts is honoured, from outside the company, it isn't. No
matter what people put in their .shosts, they can't login from home
without a password (and S/Key in future), thus a break-in into their home
machine won't immediately break the office network as well...
Or is this train of thought flawed somewhere? (As usually, I have to
balance user convenience vs. security - if security is to inconvenient,
people won't use it).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de
More information about the openssh-unix-dev
mailing list