Date: Fri, 14 Feb 2020 14:27:08 -0600 From: Joey Kelly <joey@joeykelly.net> To: freebsd-security@freebsd.org, freebsd-current@freebsd.org Subject: Re: Early heads-up: plan to remove local patches for TCP Wrappers support in sshd Message-ID: <4627295.A1yGqSNMk2@deborah> In-Reply-To: <CAPyFy2Die2tynFM3m3-5zBtWAOpHf-QHY-bE2JY7KKGiP8Tz_Q@mail.gmail.com> References: <CAPyFy2Die2tynFM3m3-5zBtWAOpHf-QHY-bE2JY7KKGiP8Tz_Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote: > Upstream OpenSSH-portable removed libwrap support in version 6.7, > released in October 2014. We've maintained a patch in our tree to > restore it, but it causes friction on each OpenSSH update and may > introduce security vulnerabilities not present upstream. It's (past) > time to remove it. So color me ignorant, but how does this affect things like DenyHosts? Or is there an in-application way to block dictionary attacks? I can't go back to having my servers pounded on day and night (and yes, I listed on an alternative port). -- Joey Kelly Minister of the Gospel and Linux Consultant http://joeykelly.net 504-239-6550
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4627295.A1yGqSNMk2>