AllowHosts / DenyHosts
Damien Miller
djm at mindrot.org
Thu Mar 1 00:20:11 EST 2001
On Wed, 28 Feb 2001, Yuliy Minchev wrote:
>
> re
>
> > > There are some old (or exotic) systems which have neither IP
> > > filtering capabilities nor tcp-wrapper. So it would be a good
> > > thing if OpenSSH can handle Allow/Deny clauses.
> >
> > tcp-wrappers is _very_ portable. What platforms that OpenSSH supports
> > are not supported by TCP wrappers?
>
> In fact you are right. But if I want just to run OpenSSH on some hosts
> and to control access - why should I need to install yet another program
> (tcp-wrapper) and then to track yet another program (tcp-wrapper) for new
> bugs discovered?

TCP wrappers hasn't had a security bug in years IIRC.

> It's enough that you need zlib/openssl/egd to install OpenSSH on some
> machines.
> It's a good thing that in 2.5 there is an internal way to gather entropy.
>
> Someone said a few weeks ago that he wants to see OpenSSH capable of
> compiling without having openssl and zlib installed.

This will never happen. If anything, we will be using more 3rd party
libraries in the future rather than fewer (libkeynote, libedit, etc).

-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
More information about the openssh-unix-dev mailing list