heads up: tcpwrappers support going away

Alex Bligh alex at alex.org.uk
Wed Apr 23 17:34:00 EST 2014

On 22 Apr 2014, at 23:31, James Cloos wrote:

>>>>>> "DM" == Damien Miller <djm at mindrot.org> writes:
> DM> This is an early warning: OpenSSH will drop tcpwrappers in the next
> DM> release.
> This will need a wider announcement.  Most auto-block solutions I've
> looked at add entries to hosts.allow.

+1. Denyhosts suddenly stopping working is not a great plan.

Personally I don't want an automated script futzing with iptables,
and making it reload sshd.conf does not seem a great plan either.
Making things 'fail insecure' does not seem the right thing to do.

Alex Bligh

More information about the openssh-unix-dev mailing list