AllowHosts / DenyHosts
Dan Kaminsky
dankamin at cisco.com
Wed Feb 28 22:10:00 EST 2001
> On Wed, Feb 28, 2001 at 01:55:49AM -0800, Dan Kaminsky wrote:
> > This would let us do such things as allow X forwarding from the one lab that
> > critically needs it but keep it banned for everyone else.
>
> this could be implemented with keynote (rfc2704). someone
> needs to add keynote support to openssh.
Hadn't seen Keynote before, but I've seen the disastrous failures of
certificates to take over the IT world in anything *but* web servers.
There's probably something more to Keynote...what makes it worth the
LOC/admin mis-grok level relative to:

Host *
Reject
Host 129.210.*.*
Allow
ReverseMappingCheck no
User Bob
ChallengeResponseAuthentication yes
AFSTokenPassing yes
RhostsRSA 5c:06:8c:da:6b:db:e0:f5:6f:3d:0f:a6:32:c0:5d:d0
Banner /etc/issue.net

etc? About the best that comes to mind is handling large indexes of key
fingerprints...but there are better ways of doing that too.
Yours Truly,
Dan Kaminsky, CISSP
www.doxpara.com
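
For comparison, the X forwarding case from the message written with the Match keyword that later OpenSSH releases provide in sshd_config. This is an added example, not part of the original message and not the syntax proposed in it; the account name "bob" and the sample address in the comments are constructed.

```sshd_config
# Global default: X11 forwarding is off for everyone.
X11Forwarding no
Banner /etc/issue.net

# Per-user rule ("bob" is a constructed account name).
# For any keyword, only the first satisfied Match block that sets it
# is applied, so this block must come before the lab block if bob is
# to stay denied even when connecting from the lab network.
Match User bob
    X11Forwarding no

# Exception for the one lab that needs X forwarding
# (129.210.*.* in the message, written here in CIDR form).
Match Address 129.210.0.0/16
    X11Forwarding yes

# Check before reloading sshd:
#   sshd -t                       syntax check only
#   sshd -T -C user=bob,host=lab.example,addr=129.210.1.5
#                                 print the effective settings for
#                                 that (constructed) connection
```

Everything after a Match line belongs to that block until the next Match line or end of file, so global settings have to be placed above the first Match.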