Dear Christian, >How is this different to configuring /etc/securetty and tunnelling >Telnet over SSH Port Forwarding which I don't recommend BTW? In case your SSH is remotely attackable for instance - because your LDAP is configured wrongly, - your run into some problem like CVE-2008-0166 - some users private keys are lost And you want to lock down the sshd and investigate and fix the problem, then your solution may not be helpful because SSH is still exposed and attackable. The solution I do propose is an alterative to Port-Knocking or packet filtering because it aims to un-expose the vulnerability of ssh and give the Administrators some time to fix the problems. Kind Regards Manon _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev