Feature disappeared?
Gert Doering
gert at greenie.muc.de
Tue Oct 31 05:17:37 EST 2000
Hi,
On Mon, Oct 30, 2000 at 12:36:25PM -0500, Hank Leininger wrote:
> > Well, dropping AllowHosts doesn't mean dropping functionality (because
> > it can be done via TCP wrappers).
>
> > Dropping AllowSHosts means "I can't do that anymore", which should have
> > security reasons, which I don't see any right now...
>
> Hm. Can you get the same effect by populating /etc/ssh_known_hosts (or its
> moral equivalent) with the public keys of hosts you wish to allow, and then
> setting IgnoreUserKnownHosts? This would prevent users from adding other
> hosts to .shosts, no? Though it might be deemed too much administrative
> overhead to maintain...
Well, yes. This would work. (Though I'm not sure about maintainability)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de
More information about the openssh-unix-dev
mailing list
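A sketch of the restriction discussed in the message above, added here as an illustration and not part of the original thread: with `IgnoreUserKnownHosts yes`, an `.shosts` entry is only usable if the host's key is in the administrator's known-hosts file. Host names, key blobs and the function names are constructed for the example; hashed names, `@` marker lines and `+`/`-` rhosts entries are skipped rather than evaluated.

```python
import re

# Constructed sample inputs (example.org names and key blobs are placeholders).
SSHD_CONFIG = "HostbasedAuthentication yes\nIgnoreUserKnownHosts yes\n"
GLOBAL_KNOWN_HOSTS = (
    "build1.example.org,192.0.2.10 ssh-ed25519 CONSTRUCTED-KEY-1\n"
    "*.lab.example.org,!guest.lab.example.org ssh-ed25519 CONSTRUCTED-KEY-2\n"
)
SHOSTS = "build1.example.org\nnode7.lab.example.org alice\nguest.lab.example.org\nlaptop.example.net\n"

def setting(sshd_config, keyword, default):
    # sshd keeps the first value seen for a keyword; keywords are case-insensitive.
    for line in sshd_config.splitlines():
        fields = line.split()
        if len(fields) > 1 and fields[0].lower() == keyword.lower():
            return fields[1].lower()
    return default

def glob_match(pattern, host):
    # known_hosts patterns support only '*' and '?' wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, host) is not None

def has_global_key(host, known_hosts):
    for line in known_hosts.splitlines():
        fields = line.split()
        # Comments, @marker lines and hashed (|1|...) names are not evaluated here.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        patterns = fields[0].lower().split(",")
        if any(p.startswith("!") and glob_match(p[1:], host) for p in patterns):
            continue  # a negated pattern vetoes this line
        if any(glob_match(p, host) for p in patterns if not p.startswith("!")):
            return True
    return False

def audit_shosts(sshd_config, global_known_hosts, shosts):
    strict = setting(sshd_config, "IgnoreUserKnownHosts", "no") == "yes"
    report = {}
    for line in shosts.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#+-":  # skip comments and +/- entries
            continue
        host = fields[0].lower()
        if has_global_key(host, global_known_hosts):
            report[host] = "allowed"
        else:
            report[host] = "blocked" if strict else "user-controlled"
    return report

if __name__ == "__main__":
    for host, status in audit_shosts(SSHD_CONFIG, GLOBAL_KNOWN_HOSTS, SHOSTS).items():
        print(f"{host:28} {status}")
```

"user-controlled" marks hosts whose key the account owner could supply from a personal known-hosts file when `IgnoreUserKnownHosts` is left at its default of `no`.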