From owner-freebsd-stable Mon Apr 17 10:33:40 2000 Delivered-To: freebsd-stable@freebsd.org Received: from erouter0.it-datacntr.louisville.edu (erouter0.it-datacntr.louisville.edu [136.165.1.36]) by hub.freebsd.org (Postfix) with ESMTP id 98AD737B932 for ; Mon, 17 Apr 2000 10:33:35 -0700 (PDT) (envelope-from k.stevenson@louisville.edu) Received: from osaka.louisville.edu (osaka.louisville.edu [136.165.1.114]) by erouter0.it-datacntr.louisville.edu (Postfix) with ESMTP id E6CA024ED9; Mon, 17 Apr 2000 13:33:34 -0400 (EDT) Received: by osaka.louisville.edu (Postfix, from userid 15) id 58F5718656; Mon, 17 Apr 2000 13:33:34 -0400 (EDT) Date: Mon, 17 Apr 2000 13:33:34 -0400 From: Keith Stevenson To: Vivek Khera Cc: freebsd-stable@FreeBSD.ORG Subject: Re: sshd and tcp-wrappers Message-ID: <20000417133334.B10528@osaka.louisville.edu> References: <20000417122732.A1826@phy.hr> <20000417082136.C95086@osaka.louisville.edu> <20000417150004.A2376@phy.hr> <20000417090605.A2443@osaka.louisville.edu> <14587.10080.867467.456592@onceler.kcilink.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <14587.10080.867467.456592@onceler.kcilink.com>; from khera@kciLink.com on Mon, Apr 17, 2000 at 11:01:52AM -0400 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, Apr 17, 2000 at 11:01:52AM -0400, Vivek Khera wrote: > >>>>> "KS" == Keith Stevenson writes: > > KS> sshd(8) provides its own internal facility for allowing or denying > KS> hosts based upon IP address. Using both the internal facility and > KS> TCP Wrappers would incur additional work on accepted connections. > KS> Personally, I use TCP Wrappers on SSH and disable the internal > KS> facility. > > The internal facility *is* TCP wrappers. It just doesn't need the > tcpd program, which only exists to wrap programs that don't know how > to do it themselves. I know that _FreeBSD_ builds OpenSSH against libwrap, but the entry in the documentation predates OpenSSH. The internal mechanism I was referring to is the AllowHosts and DenyHosts options in sshd_config. I think that we are all in agreement, however, that there is no harm in building SSH against libwrap. Regards, --Keith Stevenson-- -- Keith Stevenson System Programmer - Data Center Services - University of Louisville k.stevenson@louisville.edu PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message