control of auth methods

Damien Miller djm at mindrot.org
Sat May 8 11:48:43 EST 2004


Jefferson Ogata wrote:
> I thank what would work would be to make the sshd_config syntax consistent with 
> the ~/.ssh/config syntax, but instead of Host sections, have User sections. In 
> addition, instead of AllowUsers/DenyUsers you could use Allow/Deny keywords or 
> something similar. We should also allow specification of sub-auth-types. 

I don't think we are interested in adding complex policy enforcement
to the server. If we did this, we would be more likely to reuse an
existing policy language such as KeyNote. I had patches for this a
couple of years ago - check the archives.

-d




More information about the openssh-unix-dev mailing list