AllowHosts / DenyHosts
Damien Miller
djm at mindrot.org
Fri Mar 2 19:39:09 EST 2001
On Thu, 1 Mar 2001, Dan Kaminsky wrote:
> I don't like the concept of a huge barrier to entry in configuring SSH.
> I think we *all* agree it'd be good to be able to have more fine grained
> controls. The disagreement comes in whether or not Keynote is an
> appropriate infrastructure for those controls. I think its
> overcomplicated, too dangerous to use as an external
> library(consider--it needs the ability to view, and possibly change, all
> SSHD parameters dynamically), and unnecessary--we can get most of the
> gains of keynote by simply extending *slightly* on the work done in
> readconf.c.
>
> There are things that are important--we should be able to switch on the
> criticals, like Who is coming from Where, *When*, maybe using What. We
> can do this without Keynote--though please, if anyone can correct, do
> so! If we can do without, do it safer, do it easier, do it arguably
> even faster...
>
> Isn't that doing it right?
I would much rather take an existing language which has been custom
designed for the role rather than reinvent yet another half-baked
policy language which is incompatible with everything else.
Keynote may not fit your asthetics, but it has the advantage of being
a published standard already being used in quite a few other software
packages (OpenBSD IPsec & Kerberos, Apache-SSL). It also has a standard
library which can be the focus of *everyone's* review and auditing
efforts.
I don't think it is too difficult to learn either - its logic is very
clear: IF precondition [&&/|| precondition ...] THEN result. It only
gets complicated if you plan on doing things like heirarchial or
delegated authentication, which are inherently complex anyway.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
More information about the openssh-unix-dev
mailing list