ListenAddress Exclusion
Gert Doering
gert at greenie.muc.de
Tue Jun 24 04:40:24 EST 2014
Hi,

On Mon, Jun 23, 2014 at 11:39:48AM -0500, Larry Becke wrote:
> I feel that this would be a simpler way to prevent ssh from even starting
> on those subnets.

Implementation would be fairly complex - there is no way to tell the
socket API "Listen on 'any' but exclude *those*", so you'd have to
enumerate all IP addresses the machine has (which might change during
sshd lifetime), then match that with the exclude list, and use the result
for many individual bind()s.

As this is portability madness, I'd really avoid going there... (though
I'm not an OpenSSH developer, just a sysadmin having run into issues with
that with other software on more exotic platforms).

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
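
The enumerate, match and bind sequence described in the message above, written out in C as an added example (not part of the original post and not OpenSSH code). `struct excl`, `DENY`, `is_excluded` and `plan_listeners` are hypothetical names, the exclude list is constructed from documentation ranges, and `getifaddrs()` is assumed to be available, which is itself one of the portability problems the message points at.

```c
#define _DEFAULT_SOURCE   /* exposes getifaddrs() under strict -std= modes on glibc */
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

struct excl { int af; const char *net; int bits; };   /* one excluded subnet */
/* Constructed sample exclude list (documentation ranges), hypothetical */
static const struct excl DENY[] = { {AF_INET, "192.0.2.0", 25}, {AF_INET6, "2001:db8::", 32} };

/* 1 if addr is inside an excluded subnet of its family, 0 if not, -1 if unparsable */
int is_excluded(int af, const char *addr, const struct excl *x, size_t nx)
{
    unsigned char a[16], n[16];
    if (inet_pton(af, addr, a) != 1) return -1;
    for (size_t i = 0; i < nx; i++) {
        int whole = x[i].bits / 8, rest = x[i].bits % 8;   /* full bytes, leftover bits */
        if (x[i].af != af || x[i].bits < 0 || x[i].bits > (af == AF_INET ? 32 : 128)) continue;
        if (inet_pton(af, x[i].net, n) != 1 || memcmp(a, n, (size_t)whole) != 0) continue;
        if (rest == 0 || ((a[whole] ^ n[whole]) >> (8 - rest)) == 0) return 1;
    }
    return 0;
}

/* Snapshot of addresses configured right now; returns how many need their own bind().
   Addresses added after this call are missed until it is run again. */
int plan_listeners(const struct excl *x, size_t nx)
{
    struct ifaddrs *list, *p;
    char text[INET6_ADDRSTRLEN];
    int kept = 0;
    if (getifaddrs(&list) != 0) return -1;
    for (p = list; p != NULL; p = p->ifa_next) {
        const void *raw;
        int af = p->ifa_addr ? p->ifa_addr->sa_family : AF_UNSPEC;
        if (af == AF_INET) raw = &((struct sockaddr_in *)p->ifa_addr)->sin_addr;
        else if (af == AF_INET6) raw = &((struct sockaddr_in6 *)p->ifa_addr)->sin6_addr;
        else continue;
        if (inet_ntop(af, raw, text, sizeof text) && is_excluded(af, text, x, nx) == 0) {
            printf("bind() needed for %s (%s)\n", text, p->ifa_name);
            kept++;
        }
    }
    freeifaddrs(list);
    return kept;
}
int main(void) { return plan_listeners(DENY, 2) < 0; }
```

The listener set is only as current as the last call to `plan_listeners()`, so an address that appears later inside or outside an excluded subnet is not reflected until the enumeration is repeated.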