Re: heads up: tcpwrappers support going away

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



>>>>> "DM" == Damien Miller <djm@xxxxxxxxxxx> writes:

DM> This is an early warning: OpenSSH will drop tcpwrappers in the next
DM> release.

This will need a wider announcement.  Most auto-block solutions I've
looked at add entries to hosts.allow.  Everyone using such will need
to adapt their setup to cope.

Several use the notion of of a spawn line in hosts.allow.  With the
loss of tcpwrapper, openssh should add an option to run a command
for each incomming conenction (before it sends the banner, et alia)
which can check for abuse patterns and add (or expire) a packet filter.

The external should be expected to return zero to permit the connection
or non-zero to prevent it, plus perform any side-effects the admin wants.

-JimC
--
James Cloos <cloos@xxxxxxxxxxx>         OpenPGP: 0x997A9F17ED7DAEA6
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux