Class-imposed login restrictions (on FreeBSD)
emaste at freebsd.org
Tue Aug 31 03:39:16 AEST 2021
I have been working on reconciling the local modifications to the copy
of OpenSSH in the FreeBSD base system, and a number of smaller changes
have been committed upstream.
One open issue is support for login class-based restrictions,
originally introduced in 2002. It can restrict login by time period
and by remote host. A version of this change was submitted to the
OpenSSH github repository, but a reviewer suggested it was
unnecessarily complicated (it used the monitor process to obtain the
class info). This was simplified in a second submission.
I can send the patch to this list in the near future, but wanted to
highlight it in case anyone is interested in taking a look.
More information about the openssh-unix-dev