Feature disappeared?
Pekka Savola
pekkas at netcore.fi
Mon Oct 30 22:39:39 EST 2000
On Mon, 30 Oct 2000, Gert Doering wrote:
> On Mon, Oct 30, 2000 at 01:15:01PM +0200, Pekka Savola wrote:
> > > working on tightening our network (somewhat) today, I found that OpenSSH
> > > doesn't seem to have the "AllowSHosts" directive (in sshd_config) that
> > > Commercial SSH (at least 1.2.25 & up) has.
> [..]
> > > Or is this train of thought flawed somewhere? (As usual, I have to
> > > balance user convenience vs. security - if security is too inconvenient,
> > > people won't use it).
> >
> > 'IgnoreRhosts yes' will ignore .shosts files too.
>
> Umm, yes, but that's something else. AllowSHosts permits .shosts files on
> a per-host basis, so I can say "for *.mydomain.de, .shosts is ok, for
> everybody else, it's not ok".

Well, I'd care to wager the feature disappeared to the same hole as
AllowHosts did too. Certainly intentional.

I nagged about AllowHosts _a lot_ but eventually patched TCP Wrappers so
that it can take more complex host definitions too (like *isdn1*.isp.com).

--
Pekka Savola "Tell me of difficulties surmounted,
Pekka.Savola at netcore.fi not those you stumble over and fall"