AllowHosts / DenyHosts
Andreas Vetter
vetter at physik.uni-wuerzburg.de
Wed Feb 28 19:57:11 EST 2001
On Tue, 27 Feb 2001, Pekka Savola wrote:
->On Tue, 27 Feb 2001, Andreas Vetter wrote:
->> I'd like to see a feature of the commercial ssh in openssh:
->> AllowHosts xxx.yyy.xxx.yyy *.domain.net
->> DenyHosts xxx.yyy.xxx.* name.domain.net
->
->I begged for this for a long time half a year ago or so, but never got any
->replies. So I gave up. Now I'm happily using tcp wrappers.
->
->I've made a patch for tcp_wrappers to enable wildcard matching (from ssh
->1.2.12), and to enable file includes (from FreeBSD). So I can't see why
->tcp_wrappers should be worse than HostsAllow and friends in this aspect.
Tcp-wrappers are invoked by inetd, so when there is a DoS-attack against
the inetd (usually this is done port by port): game over. If ssh can
handle AllowHosts/DenyHosts itself, I don't need the (buggy) inetd.
Andreas Vetter
Universitaet Wuerzburg
More information about the openssh-unix-dev
mailing list