Class-imposed login restrictions (on FreeBSD)

Ed Maste emaste at
Tue Aug 31 03:39:16 AEST 2021

I have been working on reconciling the local modifications to the copy
of OpenSSH in the FreeBSD base system, and a number of smaller changes
have been committed upstream.

One open issue is support for login class-based restrictions,
originally introduced in 2002[1]. It can restrict login by time period
and by remote host. A version of this change was submitted to the
OpenSSH github repository[2], but a reviewer suggested it was
unnecessarily complicated (it used the monitor process to obtain the
class info). This was simplified in a second submission[3].

I can send the patch to this list in the near future, but wanted to
highlight it in case anyone is interested in taking a look.


More information about the openssh-unix-dev mailing list