heads up: tcpwrappers support going away
Alex Bligh
alex at alex.org.uk
Wed Apr 23 17:34:00 EST 2014
On 22 Apr 2014, at 23:31, James Cloos wrote:
>>>>>> "DM" == Damien Miller <djm at mindrot.org> writes:
>
> DM> This is an early warning: OpenSSH will drop tcpwrappers in the next
> DM> release.
>
> This will need a wider announcement. Most auto-block solutions I've
> looked at add entries to hosts.allow.
+1. Denyhosts suddenly stopping working is not a great plan.
Personally I don't want an automated script futzing with iptables,
and making it reload sshd.conf does not seem a great plan either.
Making things 'fail insecure' does not seem the right thing to do.
--
Alex Bligh
More information about the openssh-unix-dev
mailing list