AllowHosts / DenyHosts
Dan Kaminsky
dankamin at cisco.com
Fri Mar 2 03:27:06 EST 2001
> > So tell me some complex policies that would be useful, that require
keynote.
>
> everything that requires some kind of hierarchy.
>
> everything that requires some kind of delegation.
OK, I can see this being useful. Lets explicitly create a suffix, "If",
that matches any configuration option selectable by the opposite(could be
client or server).
===
IfHost 129.210.*.*
Ciphers blowfish-cbc
IfCiphers blowfish-cbc
X11Forwarding no
===
Want negation?
===
IfHost not 129.210.*.*
Ciphers blowfish-cbc
IfCiphers != blowfish-cbc
X11Forwarding no
===
But still, give me a concrete example of something really cool we can do
with Keynote that doesn't fit with trivial modifications to your existing
very readable syntax. Thus far, I just haven't seen anything that justifies
either the security risk or the difficulty in learning the syntax.
Yours Truly,
Dan Kaminsky, CISSP
www.doxpara.com
More information about the openssh-unix-dev
mailing list