Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 14 Feb 2020 16:16:53 -0500
From:      Ed Maste <emaste@freebsd.org>
To:        Joey Kelly <joey@joeykelly.net>
Cc:        freebsd-security@freebsd.org,  FreeBSD Current <freebsd-current@freebsd.org>
Subject:   Re: Early heads-up: plan to remove local patches for TCP Wrappers support in sshd
Message-ID:  <CAPyFy2BzY=uBaHZS492fpqvo8XPcj3Z-wc45RLbeJw89ncq8dg@mail.gmail.com>
In-Reply-To: <4627295.A1yGqSNMk2@deborah>
References:  <CAPyFy2Die2tynFM3m3-5zBtWAOpHf-QHY-bE2JY7KKGiP8Tz_Q@mail.gmail.com> <4627295.A1yGqSNMk2@deborah>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 14 Feb 2020 at 15:27, Joey Kelly <joey@joeykelly.net> wrote:
>
> On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
> > Upstream OpenSSH-portable removed libwrap support in version 6.7,
> > released in October 2014. We've maintained a patch in our tree to
> > restore it, but it causes friction on each OpenSSH update and may
> > introduce security vulnerabilities not present upstream. It's (past)
> > time to remove it.
>
> So color me ignorant, but how does this affect things like DenyHosts?

It's independent of denyhosts, fail2ban, blacklistd and similar. TCP
wrappers is configured using /etc/hosts.allow and /etc/hosts.deny.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2BzY=uBaHZS492fpqvo8XPcj3Z-wc45RLbeJw89ncq8dg>