AllowHosts / DenyHosts

Christopher Linn celinn at
Thu Mar 1 00:38:36 EST 2001

On Thu, Mar 01, 2001 at 12:20:11AM +1100, Damien Miller wrote:
> On Wed, 28 Feb 2001, Yuliy Minchev wrote:
> >
> > In fact you are right.  But if I want just to run OpenSSH on some hosts
> > and to control access - why should I need to install yet another program
> > (tcp-wrapper) and then to track yet another program (tcp-wrapper) for new
> > bugs discovered?

you would simply build the static libwrap.a, and toss it in the same place
as your libcrypto.a, libssl.a and libz.a ...

> TCP wrappers hasn't had a security bug in years IIRC.

not only that, but libwrap is only used to read the hosts.{allow,deny}
files in this case, right?

> -d


Christopher Linn, <celinn at>    | By no means shall either the CEC
Staff System Administrator            | or MTU be held in any way liable
  Center for Experimental Computation | for any opinions or conjecture I
    Michigan Technological University | hold to or imply to hold herein.

More information about the openssh-unix-dev mailing list