Feature disappeared?
Hank Leininger
openssh-unix-dev at progressive-comp.com
Tue Oct 31 04:36:25 EST 2000
On 2000-10-30, Gert Doering <gert at greenie.muc.de> wrote:
> Well, dropping AllowHosts doesn't mean dropping functionality (because
> it can be done via TCP wrappers).
> Dropping AllowSHosts means "I can't do that anymore", which should have
> security reasons, which I don't see any right now...
Hm. Can you get the same effect by populating /etc/ssh_known_hosts (or its
moral equivalent) with the public keys of hosts you wish to allow, and then
setting IgnoreUserKnownHosts? This would prevent users from adding other
hosts to .shosts, no? Though it might be deemed too much administrative
overhead to maintain...
--
Hank Leininger <hlein at progressive-comp.com>
More information about the openssh-unix-dev
mailing list