AllowHosts / DenyHosts

Yuliy Minchev yuliy at mobiltel.bg
Wed Feb 28 20:19:04 EST 2001


On Wed, 28 Feb 2001, Markus Friedl wrote:

> On Tue, Feb 27, 2001 at 05:41:55PM +0100, Andreas Vetter wrote:
> > I'd like to see a feature of the commercial ssh in openssh:
> > AllowHosts xxx.yyy.xxx.yyy *.domain.net
> > DenyHosts xxx.yyy.xxx.* name.domain.net
> >
> > This allows or denies connects from certain machines (including wildcard
> > matching).
> >
> > Is there any chance for this feature to be included? No, we don't want to
> > use tcp-wrapper for this.
>
> why should every feature, even if there exist special solutions,
> included in openssh? you can deny ip-addresses with tcp-wrapper,
> ipfw, ipf, etc, etc.

There are some old (or exotic) systems which haven't nor ip filtering
capabilities, nor tcp-wrapper.
So it would be a good think if OpenSSH can handle Allow/Deny clauses.

yuliy

-- 
  Yuliy Minchev,
  UNIX Administrator






More information about the openssh-unix-dev mailing list