AllowHosts / DenyHosts
Dan Kaminsky
dankamin at cisco.com
Fri Mar 2 08:32:20 EST 2001
> i've gone over and over keynote notation/whatever you want to call it, and
> still can't understand it. that doesn't mean that i don't think it's a good
> thing to have there if i want to learn and use it at some point in the
> future.
You want the feature--but cannot grok the syntax. I don't think you're
alone.
>
> personally, i think it'd be great to be able to set options in sshd based on
> what user is logging in or what host they're logging in from or what key
> they're using to log in or any number of other things. i was actually going
> to suggest/request something like that a couple days ago, but now that the
> opportunity and possibility of using someone else's code and not having to
> reinvent the wheel has come up, i think we should definitely grab it!
I don't like the concept of a huge barrier to entry in configuring SSH.
I think we *all* agree it'd be good to be able to have more fine grained
controls. The disagreement comes in whether or not Keynote is an
appropriate infrastructure for those controls. I think its
overcomplicated, too dangerous to use as an external
library(consider--it needs the ability to view, and possibly change, all
SSHD parameters dynamically), and unnecessary--we can get most of the
gains of keynote by simply extending *slightly* on the work done in
readconf.c.
There are things that are important--we should be able to switch on the
criticals, like Who is coming from Where, *When*, maybe using What. We
can do this without Keynote--though please, if anyone can correct, do
so! If we can do without, do it safer, do it easier, do it arguably
even faster...
Isn't that doing it right?
Yours Truly,
Dan Kaminsky, CISSP
www.doxpara.com
More information about the openssh-unix-dev
mailing list