Class-imposed login restrictions (on FreeBSD)

Ed Maste emaste at freebsd.org
Tue Aug 31 03:39:16 AEST 2021


I have been working on reconciling the local modifications to the copy
of OpenSSH in the FreeBSD base system, and a number of smaller changes
have been committed upstream.

One open issue is support for login class-based restrictions,
originally introduced in 2002[1]. It can restrict login by time period
and by remote host. A version of this change was submitted to the
OpenSSH GitHub repository[2], but a reviewer suggested it was
unnecessarily complicated (it used the monitor process to obtain the
class info). This was simplified in a second submission[3].

I can send the patch to this list in the near future, but wanted to
highlight it in case anyone is interested in taking a look.

[1] https://cgit.FreeBSD.org/src/commit/?id=5b400a39b8add453bd7e777b9306ef91f8f1403c
[2] https://github.com/openssh/openssh-portable/pull/261
[3] https://github.com/openssh/openssh-portable/pull/262


More information about the openssh-unix-dev mailing list