heads up: tcpwrappers support going away
Damien Miller
djm at mindrot.org
Wed Apr 23 21:39:27 EST 2014
On Wed, 23 Apr 2014, Alex Bligh wrote:
> On 22 Apr 2014, at 23:31, James Cloos wrote:
>
> >>>>>> "DM" == Damien Miller <djm at mindrot.org> writes:
> >
> > DM> This is an early warning: OpenSSH will drop tcpwrappers in the next
> > DM> release.
> >
> > This will need a wider announcement. Most auto-block solutions I've
> > looked at add entries to hosts.allow.
>
> +1. Denyhosts suddenly stopping working is not a great plan.
>
> Personally I don't want an automated script futzing with iptables,
as opposed to letting one futz with something that can execute shell
commands?
A simple way out of this would be adding "Match exec" support to sshd_config
like ssh_config got in the last couple of releases. Anyone want to do this?
-d
More information about the openssh-unix-dev
mailing list