AllowHosts / DenyHosts

[Devon Bleak]

my main point is development time.  in the end, it's really left up to the
people who write the code whether they want to implement something that's
already been implemented in a library, or just link to the library.  to me,
keynote seems reasonable.  if you need a security policy as complex as the
one i think you're describing, then there's not going to be a simple way to
describe it.

i'm not saying that keynote should be something that's _required_ to
configure OpenSSH, just that we should have the option of using it.  that
way, the people that grok can, and the people that don't will determine if
it's worth their time and energy to learn.  i definitely think that the
default should be to NOT require keynote support, or if it is, then to
supply a working, simple, open (as in not requiring any modification to let
anybody connect) default configuration, much like the default sshd_config
that's supplied now.

both solutions seem viable to me, the only difference being that keynote is
already in a handy library and would probably require less development time
to implement while giving the greatest flexibility (keeping in mind that i
haven't actually read through servconf.c, so i really don't know for sure
what it would take to implement something like what you're talking about).

devon


----- Original Message -----
From: "Dan Kaminsky" <dankamin at cisco.com>
To: "Devon Bleak" <devon at admin2.gisnetworks.com>
Cc: "Markus Friedl" <Markus.Friedl at informatik.uni-erlangen.de>;
<openssh-unix-dev at mindrot.org>
Sent: Thursday, March 01, 2001 1:32 PM
Subject: Re: AllowHosts / DenyHosts


> > i've gone over and over keynote notation/whatever you want to call it,
and
> > still can't understand it.  that doesn't mean that i don't think it's a
good
> > thing to have there if i want to learn and use it at some point in the
> > future.
>
> You want the feature--but cannot grok the syntax.  I don't think you're
> alone.
>
> >
> > personally, i think it'd be great to be able to set options in sshd
based on
> > what user is logging in or what host they're logging in from or what key
> > they're using to log in or any number of other things.  i was actually
going
> > to suggest/request something like that a couple days ago, but now that
the
> > opportunity and possibility of using someone else's code and not having
to
> > reinvent the wheel has come up, i think we should definitely grab it!
>
> I don't like the concept of a huge barrier to entry in configuring SSH.
> I think we *all* agree it'd be good to be able to have more fine grained
> controls.  The disagreement comes in whether or not Keynote is an
> appropriate infrastructure for those controls.   I think its
> overcomplicated, too dangerous to use as an external
> library(consider--it needs the ability to view, and possibly change, all
> SSHD parameters dynamically), and unnecessary--we can get most of the
> gains of keynote by simply extending *slightly* on the work done in
> readconf.c.
>
> There are things that are important--we should be able to switch on the
> criticals, like Who is coming from Where, *When*, maybe using What.  We
> can do this without Keynote--though please, if anyone can correct, do
> so!  If we can do without, do it safer, do it easier, do it arguably
> even faster...
>
> Isn't that doing it right?
>
> Yours Truly,
>
>    Dan Kaminsky, CISSP
>    www.doxpara.com
>
>