AllowHosts / DenyHosts

[Yuliy Minchev]

re

> > > why should every feature, even if there exist special solutions,
> > > included in openssh? you can deny ip-addresses with tcp-wrapper,
> > > ipfw, ipf, etc, etc.
> >
> > There are some old (or exotic) systems which haven't nor ip filtering
> > capabilities, nor tcp-wrapper.
> > So it would be a good think if OpenSSH can handle Allow/Deny clauses.
>
> [Cc: list tailored a bit]
>
> These ancient systems should not be trusted to be connected to the
> internet anyway, unless they're behind a firewall which can do this kind
> of thing.

Yes, you are right. But, how can one increase security indoors of
organization? Especialy if he takes care only for this old machines and
not for communications and firewall policy?

What about an organization with offices all over the country (or the
world), with private network connecting these offices. No one talks about
Internet in this situation.

yuliy

-- 
  Yuliy Minchev,
  UNIX Administrator