GeoIP support - DenyCountry
Bob Proulx
bob at proulx.com
Sun Jan 19 10:40:51 EST 2003
David Walker wrote:
> It is not a security mechanism as such. It is a scan reduction tool.
>
> It is useful for my network in that all of my users are based in the
> United States. Any connection from outside the United States is
> automatically known to be bogus and there is no reason to allow it
> to continue.
That functionality more rightly belongs in a firewall than in ssh.
You can always place a firewall between ssh and the network. In fact
that is probably a good thing regardless.
I also do not think that this feature belongs in ssh.
Bob
More information about the openssh-unix-dev
mailing list