AllowHosts / DenyHosts

Damien Miller djm at mindrot.org
Fri Mar 2 19:39:09 EST 2001


On Thu, 1 Mar 2001, Dan Kaminsky wrote:

> I don't like the concept of a huge barrier to entry in configuring SSH.
> I think we *all* agree it'd be good to be able to have more fine grained
> controls.  The disagreement comes in whether or not Keynote is an
> appropriate infrastructure for those controls.  I think it's
> overcomplicated, too dangerous to use as an external
> library (consider--it needs the ability to view, and possibly change, all
> SSHD parameters dynamically), and unnecessary--we can get most of the
> gains of keynote by simply extending *slightly* on the work done in
> readconf.c.
>
> There are things that are important--we should be able to switch on the
> criticals, like Who is coming from Where, *When*, maybe using What.  We
> can do this without Keynote--though please, if anyone can correct, do
> so!  If we can do without, do it safer, do it easier, do it arguably
> even faster...
>
> Isn't that doing it right?

I would much rather take an existing language which has been custom
designed for the role rather than reinvent yet another half-baked
policy language which is incompatible with everything else.

Keynote may not fit your aesthetics, but it has the advantage of being
a published standard already being used in quite a few other software
packages (OpenBSD IPsec & Kerberos, Apache-SSL). It also has a standard
library which can be the focus of *everyone's* review and auditing
efforts.

I don't think it is too difficult to learn either - its logic is very
clear: IF precondition [&&/|| precondition ...] THEN result. It only
gets complicated if you plan on doing things like hierarchical or
delegated authentication, which are inherently complex anyway.

-d

-- 
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org          /   distributed filesystem'' - Dan Geer
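As an added illustration of the "IF precondition [&&/|| precondition ...] THEN result" shape discussed above, here is a small Python policy evaluator that matches a login request on Who (user), Where (source address), When (time of day) and What (authentication method). It is example code written for this page, not code from the thread, from OpenSSH, or from the KeyNote library, and it does not use KeyNote's syntax; the rule names, the sample policy and the request values are constructed assumptions.

```python
"""Toy access-policy evaluator: IF precondition [&& / ||] ... THEN result.

Constructed example; not OpenSSH, readconf.c, or KeyNote code.
Rules are evaluated in order, first match wins, and the default is deny
so an empty or non-matching policy fails closed.
"""
from dataclasses import dataclass
from datetime import time
import ipaddress
from typing import Callable, Sequence, Tuple


@dataclass(frozen=True)
class Request:
    """One login attempt: Who, Where, When, What (all constructed values)."""
    user: str      # Who
    src_ip: str    # Where
    at: time       # When (time of day on the server)
    auth: str      # What, e.g. "publickey" or "password"


Precondition = Callable[[Request], bool]


# --- precondition builders (each returns a predicate over a Request) ---
def user_in(*names: str) -> Precondition:
    return lambda r: r.user in names


def from_net(cidr: str) -> Precondition:
    net = ipaddress.ip_network(cidr)
    return lambda r: ipaddress.ip_address(r.src_ip) in net


def between(start: time, end: time) -> Precondition:
    return lambda r: start <= r.at <= end


def auth_is(*methods: str) -> Precondition:
    return lambda r: r.auth in methods


def all_of(*preds: Precondition) -> Precondition:   # the "&&" combinator
    return lambda r: all(p(r) for p in preds)


def any_of(*preds: Precondition) -> Precondition:   # the "||" combinator
    return lambda r: any(p(r) for p in preds)


@dataclass(frozen=True)
class Rule:
    name: str
    when: Precondition   # the IF part
    result: str          # the THEN part: "allow" or "deny"


def evaluate(policy: Sequence[Rule], req: Request) -> Tuple[str, str]:
    """Return (decision, rule_name); unmatched requests are denied."""
    for rule in policy:
        if rule.when(req):
            return rule.result, rule.name
    return "deny", "default-deny"


# Sample policy (constructed). Ordering matters: the password ban comes
# first so no later allow rule can override it.
POLICY = [
    Rule("no-passwords-anywhere", auth_is("password"), "deny"),
    Rule("ops-from-internal",
         all_of(user_in("ops"), from_net("10.0.0.0/8")), "allow"),
    Rule("ops-from-partner-business-hours",
         all_of(user_in("ops"),
                any_of(from_net("203.0.113.0/24"), from_net("198.51.100.0/24")),
                between(time(8, 0), time(18, 0)),
                auth_is("publickey")),
         "allow"),
]


def decide(user: str, src_ip: str, at: time, auth: str) -> Tuple[str, str]:
    """Convenience wrapper used by the examples and the checks below."""
    return evaluate(POLICY, Request(user, src_ip, at, auth))


if __name__ == "__main__":
    for args in [("ops", "10.1.2.3", time(3, 0), "publickey"),
                 ("ops", "203.0.113.5", time(12, 0), "publickey"),
                 ("ops", "203.0.113.5", time(22, 0), "publickey"),
                 ("ops", "10.1.2.3", time(12, 0), "password"),
                 ("alice", "10.1.2.3", time(12, 0), "publickey")]:
        print(args, "->", decide(*args))
```

The point worth noticing is how much of the evaluator is the combinators: once `all_of` and `any_of` exist, every "who from where when with what" question is a one-line rule, which is the small extension to a readconf.c-style parser the thread argues about; what it does not give you is the delegation and signed-credential semantics that a published policy language such as KeyNote specifies.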
