My motivation is to allow connections from specific clients, no matter where they are. For example, a laptop that belongs to somebody I know, which could be trying to connect from some arbitrary IP address. They would still have to authenticate themselves, of course. I just want to summarily reject everybody else.

On Sun, May 30, 2021 at 7:07 PM Damien Miller <djm@xxxxxxxxxxx> wrote:

> On Sun, 30 May 2021, Luveh Keraph wrote:
>
> > I would be interested to filter incoming connections depending on the exact
> > nature of the ID string supplied by the customer. RFC 4253 specifies that
> > that ID string should conform to the following structure:
> >
> >     SSH-protoversion-softwareversion SP comments CR LF
> >
> > I would like to be able to selectively allow incoming connections to
> > proceed (or terminate them there and then) when the value of
> > softwareversion (or even comments) matches some predetermined pattern. Is
> > this something that OpenSSH servers can do?
>
> No, but it probably wouldn't be too hard to implement a "Match
> clientversion"
>
> What would be the purpose of this filtering? If you're considering it to
> block password guessers, and such filtering becomes popular, then they
> are highly likely to change their version strings.
>
> IMO it's generally better to disallow password authentication, except from
> trusted sources.
>
> -d
> _______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
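
The ID string structure quoted in the thread, parsed and matched against a pattern list, as an added example that is not part of the original messages and is not OpenSSH code. The function names, the allow-list pattern and the sample line are assumptions made up for illustration; the length, character-set and "2.0" checks follow RFC 4253 section 4.2.

```python
import fnmatch
from typing import Iterable, NamedTuple, Optional

MAX_ID_LEN = 255  # RFC 4253 section 4.2: the limit includes the trailing CR LF


class SSHIdent(NamedTuple):
    protoversion: str
    softwareversion: str
    comments: Optional[str]


def _valid_token(tok: str) -> bool:
    # Printable US-ASCII only, excluding whitespace and the minus sign.
    return bool(tok) and all(0x21 <= ord(c) <= 0x7E and c != "-" for c in tok)


def parse_ident(raw: bytes) -> SSHIdent:
    """Parse one identification line as received; ValueError if malformed."""
    if len(raw) > MAX_ID_LEN:
        raise ValueError("identification string exceeds 255 bytes")
    if not raw.endswith(b"\r\n"):
        raise ValueError("missing CR LF terminator")
    try:
        line = raw[:-2].decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("non-ASCII byte in identification string") from None
    if not line.startswith("SSH-") or "\x00" in line:
        raise ValueError("not an SSH identification string")
    proto, dash, tail = line[4:].partition("-")
    # Comments are optional; the first space ends softwareversion.
    software, space, comments = tail.partition(" ")
    if not dash or not _valid_token(proto) or not _valid_token(software):
        raise ValueError("bad protoversion or softwareversion")
    return SSHIdent(proto, software, comments if space else None)


def version_allowed(raw: bytes, patterns: Iterable[str]) -> bool:
    """True only for a well-formed SSH-2.0 ID whose softwareversion matches."""
    # The client chooses this string, so a match is a coarse pre-filter only.
    try:
        ident = parse_ident(raw)
    except ValueError:
        return False
    return ident.protoversion == "2.0" and any(
        fnmatch.fnmatchcase(ident.softwareversion, p) for p in patterns)


# Constructed sample identification line (not captured traffic).
SAMPLE = b"SSH-2.0-OpenSSH_8.6 laptop-alice\r\n"
```
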