Re-install libwrap in OpenSSH

Stephan von Krawczynski skraw at
Wed May 20 23:58:22 AEST 2015

On Wed, 20 May 2015 14:46:57 +0200
Peter Stuge <peter at> wrote:

> Stephan von Krawczynski wrote:
> > it is pretty obvious
> I guess you're not only not subscribed to the development list, but
> you seem to also not have looked at the list archives.
> You can only seem like a troll if you act as if you know best but
> in fact you are wrong. It's up to you whether you want to risk that
> of course, but it's dangerous for your case.

Are you already preparing for having no arguments?

> > _not_ replaceable by your match-statement.
> This rhetoric makes it sound like it is very important for you to
> distance yourself from the OpenSSH developers. That may not be such
> a great strategy when you want someone to do something for you.
> The rationale is that firewall rules can replace libwrap and that
> removing libwrap removes a significant attack surface exposed to the
> network.

Show me this as an example of your firewall skills and replace this
hosts.allow entry:

sshd: .... : spawn (echo -e "%u@%h[%a] on `/bin/date`" to %d connected me | \
/bin/mail -s "hosts.allow entry XYZ" root) & : ALLOW

This is only example code, of course.

> > somebody will fork the project for sure.
> Go for it. I think uptake will be limited. I think your best bet will
> be for you to contribute modifications to your preferred distribution.

Negative. Wait and see.

> > you made the wrong decision. Please cc me in case as I am not
> > reading the list.
> If you had been reading the list you would already have known
> everything I wrote in this email.
> //Peter

I saw the wrong outcome of it, and will reverse it.


More information about the openssh-unix-dev mailing list