On Wed, 23 Apr 2014, Alex Bligh wrote: > On 22 Apr 2014, at 23:31, James Cloos wrote: > > >>>>>> "DM" == Damien Miller <djm@xxxxxxxxxxx> writes: > > > > DM> This is an early warning: OpenSSH will drop tcpwrappers in the next > > DM> release. > > > > This will need a wider announcement. Most auto-block solutions I've > > looked at add entries to hosts.allow. > > +1. Denyhosts suddenly stopping working is not a great plan. > > Personally I don't want an automated script futzing with iptables, as opposed to letting one futz with something that can execute shell commands? A simple way out of this would be adding "Match exec" support to sshd_config like ssh_config got in the last couple of releases. Anyone want to do this? -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev