Re: VETO! Re: heads up: tcpwrappers support going away


 



On 26 April 2014 18:14, Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote:
> On Sat, Apr 26, 2014 at 11:57 AM, Nicolai
> <nicolai-openssh@xxxxxxxxxxxxxxx> wrote:
>> On Fri, Apr 25, 2014 at 08:35:08PM -0500, Karl O. Pinc wrote:
>>> I bet sshd could be run from a tcpwrapper enabled inetd
>>> using 'sshd -D'.
>>
>> Good point.  I use -ieDf for ssh over CurveCP and it works like a charm
>> even on old hardware.  So really, the desired functionality will still
>> be in OpenSSH, and there will still be at least two distinct ways of
>> getting it (instead of three).  It's sensible to remove duplicate
>> functionality in OpenSSH, particularly where it's better placed
>> elsewhere.
>>
>> So people can look at -i and -D flags.  They work!
>
> Isn't it significantly more efficient to allow sshd to do its own
> forks, rather than doing 'sshd -D' and having one new daemon running
> for every connection? I'm not personally convinced it's "better placed
> elsewhere". If tcp_wrappers is yanked out, perhaps a friendly note in
> the documentation explaining just this suggestion would help replace
> it.

Sure. The documentation will be a full-blown CERN Security
announcement that openssh dropped a vital security feature.
We've just drafted one and will submit it once the matching openssh
release hits the release download area.

Lionel
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



