[opensuse] ssh to drop tcpwrappers support
Found on the openssh-unix-dev list: Subject: heads up: tcpwrappers support going away Date: Tue, 22 Apr 2014 17:33:59 +1000 (EST) From: Damien Miller <djm@mindrot.org> To: openssh-unix-dev@mindrot.org Hi, This is an early warning: OpenSSH will drop tcpwrappers in the next release. sshd_config has supported the Match keyword for a long time and it is possible to express more useful conditions (e.g. matching by user and address) than tcpwrappers allowed. Removing it reduces the amount of code in the 'hot' pre-authentication path in sshd and rids us of a dependency. -d I've been using tcpwrappers with ssh for a long time. I was able to get sshguard working on openSuSE 12.2, but it wasn't easy. I'll have to give it a spin with 13.1 to see if things have improved. Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
El 23/04/14 12:10, Lew Wolfgang escribió:
Found on the openssh-unix-dev list:
Subject: heads up: tcpwrappers support going away Date: Tue, 22 Apr 2014 17:33:59 +1000 (EST) From: Damien Miller <djm@mindrot.org> To: openssh-unix-dev@mindrot.org
Hi,
This is an early warning: OpenSSH will drop tcpwrappers in the next release. sshd_config has supported the Match keyword for a long time and it is possible to express more useful conditions (e.g. matching by user and address) than tcpwrappers allowed.
Removing it reduces the amount of code in the 'hot' pre-authentication path in sshd and rids us of a dependency.
Excellent news.. One thing less I have to argue with packagers/developers about.. this thing must die as soon as possible. -- Cristian "I don't know the key to success, but the key to failure is trying to please everybody." -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
For those unfamiliar, what was this feature, and was It commonly used? On April 23, 2014 9:15:35 AM PDT, "Cristian Rodríguez" <crrodriguez@opensuse.org> wrote:
Found on the openssh-unix-dev list:
Subject: heads up: tcpwrappers support going away Date: Tue, 22 Apr 2014 17:33:59 +1000 (EST) From: Damien Miller <djm@mindrot.org> To: openssh-unix-dev@mindrot.org
Hi,
This is an early warning: OpenSSH will drop tcpwrappers in the next release. sshd_config has supported the Match keyword for a long time and it is possible to express more useful conditions (e.g. matching by user and address) than tcpwrappers allowed.
Removing it reduces the amount of code in the 'hot'
El 23/04/14 12:10, Lew Wolfgang escribió: pre-authentication
path in sshd and rids us of a dependency.
Excellent news.. One thing less I have to argue with packagers/developers about.. this thing must die as soon as possible.
-- Cristian "I don't know the key to success, but the key to failure is trying to please everybody." -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
John, et al -- ...and then John Andersen said... % % For those unfamiliar, what was this feature, and was It commonly used? https://google.com/search?q=tcpwrappers The tcpwrappers package allows one to control who may connect to your host how. Yes, I think one could say it's commonly used, although it isn't by any means the only way to accomplish the goal. It's been around, I think, nearly as long as I have -- which is both good in that it's seasoned and capable and bad in that it may or may not really be needed any more (hmmm... also like me :-) HTH & HAND :-D -- David T-G See http://justpickone.org/davidtg/email/ See http://justpickone.org/davidtg/tofu.txt
El 23/04/14 13:34, John Andersen escribió:
For those unfamiliar, what was this feature, and was It commonly used?
http://en.wikipedia.org/wiki/TCP_Wrapper In the old days it was used as a replacement for proper access controls in applications or as a poor man's firewall. The underlying components have been unmaintained for around a decade and are in an extremely poor shape. -- Cristian "I don't know the key to success, but the key to failure is trying to please everybody." -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (4)
-
Cristian Rodríguez
-
David T-G
-
John Andersen
-
Lew Wolfgang