Re: Bringing back tcp wrappers

On Wed, 23 Jun 2021, Saint Michael wrote:

> The point is: this decision should not have been taken. In any case, it
> should have been converted to an option, maybe an option in
> /etc/ssh/sshd_config.
> Can we fix it?

No - we have no intention of bringing libwrap back. It's a horrible
interface that makes a lot of assumptions about the caller (e.g. it
uses longjmp(3) internally). It shambled out of the 1990s - a time when
hosts and applications lacked similar controls of their own.

It has been comprehensively superseded by better controls both inside
sshd (e.g. the match directive in sshd_config) and included in modern
operating systems (e.g. built-in packet filtering, libpam).

If you really really want libwrap, then you can still get it by
running sshd under a supporting inetd or wrapper program. Alternately,
I think there's a PAM module that implements it.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
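
A source-address rule of the kind libwrap provided, written with sshd's own controls. This is an added example, not part of the original message; the addresses are documentation ranges and the hosts.allow/hosts.deny lines in the comments are constructed.

```conf
# Constructed example. 192.0.2.0/24 and 198.51.100.7 are documentation
# addresses standing in for a management network and a bastion host
# (assumptions, not values from the thread).
#
# libwrap rules being replaced, for reference:
#   /etc/hosts.allow:  sshd: 192.0.2.0/255.255.255.0, 198.51.100.7
#   /etc/hosts.deny:   sshd: ALL

# --- /etc/ssh/sshd_config ---

# Global default for every source address: key-based logins only.
PasswordAuthentication no

# Refuse every user whose connection comes from outside the two sources.
# The leading "*" is required: a negated pattern never produces a match
# by itself, it only removes addresses from what "*" matched.
Match Address *,!192.0.2.0/24,!198.51.100.7
    DenyUsers *

# Per-source policy, which hosts.allow could not express: passwords are
# accepted only from the management network.
Match Address 192.0.2.0/24
    PasswordAuthentication yes
```

Check the file with `sshd -t` before reloading the daemon. Unlike libwrap, these rules take effect at authentication, after the TCP connection and key exchange have completed; refusing the connection outright is the job of the packet filter.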