AllowHosts / DenyHosts
Pekka Savola
pekkas at netcore.fi
Wed Feb 28 20:32:31 EST 2001
On Wed, 28 Feb 2001, Yuliy Minchev wrote:
> On Wed, 28 Feb 2001, Markus Friedl wrote:
>
> > On Tue, Feb 27, 2001 at 05:41:55PM +0100, Andreas Vetter wrote:
> > > I'd like to see a feature of the commercial ssh in openssh:
> > > AllowHosts xxx.yyy.xxx.yyy *.domain.net
> > > DenyHosts xxx.yyy.xxx.* name.domain.net
> > >
> > > This allows or denies connects from certain machines (including wildcard
> > > matching).
> > >
> > > Is there any chance for this feature to be included? No, we don't want to
> > > use tcp-wrapper for this.
> >
> > why should every feature, even if there exist special solutions,
> > be included in openssh? you can deny ip-addresses with tcp-wrapper,
> > ipfw, ipf, etc, etc.
>
> There are some old (or exotic) systems which have neither ip filtering
> capabilities nor tcp-wrapper.
> So it would be a good thing if OpenSSH can handle Allow/Deny clauses.
[Cc: list tailored a bit]
These ancient systems should not be trusted to be connected to the
internet anyway, unless they're behind a firewall which can do this kind
of thing.
--
Pekka Savola                  "Tell me of difficulties surmounted,
Netcore Oy                    not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords