AllowHosts / DenyHosts

Pekka Savola pekkas at netcore.fi
Wed Feb 28 20:32:31 EST 2001


On Wed, 28 Feb 2001, Yuliy Minchev wrote:

> On Wed, 28 Feb 2001, Markus Friedl wrote:
>
> > On Tue, Feb 27, 2001 at 05:41:55PM +0100, Andreas Vetter wrote:
> > > I'd like to see a feature of the commercial ssh in openssh:
> > > AllowHosts xxx.yyy.xxx.yyy *.domain.net
> > > DenyHosts xxx.yyy.xxx.* name.domain.net
> > >
> > > This allows or denies connects from certain machines (including wildcard
> > > matching).
> > >
> > > Is there any chance for this feature to be included? No, we don't want to
> > > use tcp-wrapper for this.
> >
> > why should every feature, even if there exist special solutions,
> > be included in openssh? you can deny ip-addresses with tcp-wrapper,
> > ipfw, ipf, etc, etc.
>
> There are some old (or exotic) systems which have neither ip filtering
> capabilities nor tcp-wrapper.
> So it would be a good thing if OpenSSH can handle Allow/Deny clauses.

[Cc: list tailored a bit]

These ancient systems should not be trusted to be connected to the
internet anyway, unless they're behind a firewall which can do this kind
of thing.

-- 
Pekka Savola                  "Tell me of difficulties surmounted,
Netcore Oy                    not those you stumble over and fall"
Systems. Networks. Security.   -- Robert Jordan: A Crown of Swords






More information about the openssh-unix-dev mailing list