AllowHosts / DenyHosts
mouring at etoh.eviladmin.org
mouring at etoh.eviladmin.org
Thu Mar 1 01:55:16 EST 2001
On Wed, 28 Feb 2001, Yuliy Minchev wrote:
>
> re
>
> > > > why should every feature, even if there exist special solutions,
> > > > included in openssh? you can deny ip-addresses with tcp-wrapper,
> > > > ipfw, ipf, etc, etc.
> > >
> > > There are some old (or exotic) systems which haven't nor ip filtering
> > > capabilities, nor tcp-wrapper.
> > > So it would be a good think if OpenSSH can handle Allow/Deny clauses.
> >
> > [Cc: list tailored a bit]
> >
> > These ancient systems should not be trusted to be connected to the
> > internet anyway, unless they're behind a firewall which can do this kind
> > of thing.
>
> Yes, you are right. But, how can one increase security indoors of
> organization? Especialy if he takes care only for this old machines and
> not for communications and firewall policy?
>
> What about an organization with offices all over the country (or the
> world), with private network connecting these offices. No one talks about
> Internet in this situation.
>
If OpenSSH can compile on the platform in question. TCP Wrapper can
compile on the same platform. I don't see where nothing having this
feature is a real issue.
- Ben
More information about the openssh-unix-dev
mailing list