VETO! Re: heads up: tcpwrappers support going away

Nico Kadel-Garcia nkadel at
Sun Apr 27 02:14:25 EST 2014

On Sat, Apr 26, 2014 at 11:57 AM, Nicolai
<nicolai-openssh at> wrote:
> On Fri, Apr 25, 2014 at 08:35:08PM -0500, Karl O. Pinc wrote:
>> I bet sshd could be run from a tcpwrapper enabled inetd
>> using 'sshd -D'.
> Good point.  I use -ieDf for ssh over CurveCP and it works like a charm
> even on old hardware.  So really, the desired functionality will still
> be in OpenSSH, and there will still be at least two distinct ways of
> getting it (instead of three).  It's sensible to remove duplicate
> functionality in OpenSSH, particularly where it's better placed
> elsewhere.
> So people can look at -i and -D flags.  They work!

Isn't it significantly more efficient to allow sshd to do its own
forks, rather than doing 'ssd -D' and having one new daemon running
for every connection? I'm not personally convinced it's "better placed
elsewhere". If tcp_wrappers is yanked out, perhaps a friendly note in
the documentation explaining just this suggestion would help replace

More information about the openssh-unix-dev mailing list