On 04/25/2014 08:14:38 PM, Nico Kadel-Garcia wrote:

> Its integration with SSH has helped make SSH safer to configure when
> touching the firewall was out of the scope of the host specific admin,
> and I've personally encountered such situations. (Do not get me
> *started* on Puppet, Tuttle, CFengine and Chef admins who will insist
> on retaining sitewide control of the firewall configs and really don't
> know how to do them well.) iptables and pif are likely to be overridden
> in a larger environment by someone else's standards, but you can get
> away with noticeably improved system access control despite this by
> configuring at least tcp_wrappers.

I bet sshd could be run from a tcpwrapper enabled inetd using 'sshd -D'.

Karl <kop@xxxxxxxx>
Free Software: "You don't pay back, you pay forward."
                 -- Robert A. Heinlein

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev