heads up: tcpwrappers support going away

Damien Miller djm at mindrot.org
Wed Apr 23 21:39:27 EST 2014

On Wed, 23 Apr 2014, Alex Bligh wrote:

> On 22 Apr 2014, at 23:31, James Cloos wrote:
> >>>>>> "DM" == Damien Miller <djm at mindrot.org> writes:
> > 
> > DM> This is an early warning: OpenSSH will drop tcpwrappers in the next
> > DM> release.
> > 
> > This will need a wider announcement.  Most auto-block solutions I've
> > looked at add entries to hosts.allow.
> +1. Denyhosts suddenly stopping working is not a great plan.
> Personally I don't want an automated script futzing with iptables,

as opposed to letting one futz with something that can execute shell

A simple way out of this would be adding "Match exec" support to sshd_config
like ssh_config got in the last couple of releases. Anyone want to do this?


More information about the openssh-unix-dev mailing list