Re: ListenAdress Exclusion


 



Hi,

On Mon, Jun 23, 2014 at 11:39:48AM -0500, Larry Becke wrote:
> I feel that this would be a simpler way to prevent ssh from even starting
> on those subnets.

Implementation would be fairly complex - there is no way to tell the
socket API "Listen on 'any' but exclude *those*", so you'd have to 
enumerate all IP addresses the machine has (which might change during 
sshd lifetime), then match that with the exclude list, and use the result 
for many individual bind()s.

As this is portability madness, I'd really avoid going there...  (though
I'm not an OpenSSH developer, just a sysadmin having run into issues with
that with other software on more exotic platforms).

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert@xxxxxxxxxxxxxx
fax: +49-89-35655025                        gert@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
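
The enumerate-and-match step described in the message above, as an added example (not part of the original post and not OpenSSH code): it walks getifaddrs(), drops IPv4 addresses that fall inside an exclude list, and prints one ListenAddress line per remaining address. The exclude subnets and function names are constructed for illustration, and getifaddrs() is a BSD-derived interface that some platforms lack.

```c
#include <stdio.h>
#include <stdint.h>
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Constructed exclude list (hypothetical subnets; IPv4 only for brevity). */
static const char *EXCLUDE[] = { "10.0.0.0/8", "192.168.50.0/24" };

/* 1 if addr_be (network byte order) is inside "a.b.c.d/len", 0 if not,
 * -1 if the CIDR string does not parse. */
int in_cidr(uint32_t addr_be, const char *cidr) {
    char net_str[32];
    struct in_addr net;
    int len;
    if (sscanf(cidr, "%31[^/]/%d", net_str, &len) != 2) return -1;
    if (len < 0 || len > 32 || inet_pton(AF_INET, net_str, &net) != 1) return -1;
    /* A /0 mask is handled separately: shifting a 32-bit value by 32 is undefined. */
    uint32_t mask = len ? htonl(0xFFFFFFFFu << (32 - len)) : 0;
    return (addr_be & mask) == (net.s_addr & mask);
}

int is_excluded(uint32_t addr_be) {
    for (size_t i = 0; i < sizeof EXCLUDE / sizeof *EXCLUDE; i++)
        if (in_cidr(addr_be, EXCLUDE[i]) == 1) return 1;
    return 0;
}

/* Snapshot of the addresses configured right now; an address added later
 * is not covered until this is run again. Returns the count, -1 on error. */
int print_listen_addresses(void) {
    struct ifaddrs *list, *p;
    int n = 0;
    if (getifaddrs(&list) != 0) return -1;
    for (p = list; p; p = p->ifa_next) {
        if (!p->ifa_addr || p->ifa_addr->sa_family != AF_INET) continue;
        struct in_addr a = ((struct sockaddr_in *)p->ifa_addr)->sin_addr;
        if (is_excluded(a.s_addr)) continue;
        char s[INET_ADDRSTRLEN];
        printf("ListenAddress %s\n", inet_ntop(AF_INET, &a, s, sizeof s));
        n++;
    }
    freeifaddrs(list);
    return n;
}

int main(void) { return print_listen_addresses() < 0; }
```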



