Date: Fri, 14 Feb 2020 17:19:58 -0600
From: Joey Kelly <joey@joeykelly.net>
To: freebsd-security@freebsd.org
Subject: Re: Early heads-up: plan to remove local patches for TCP Wrappers support in sshd
Message-ID: <1997012.9LfIMBbbVL@deborah>
In-Reply-To: <CAPyFy2BzY=uBaHZS492fpqvo8XPcj3Z-wc45RLbeJw89ncq8dg@mail.gmail.com>
References: <CAPyFy2Die2tynFM3m3-5zBtWAOpHf-QHY-bE2JY7KKGiP8Tz_Q@mail.gmail.com> <4627295.A1yGqSNMk2@deborah> <CAPyFy2BzY=uBaHZS492fpqvo8XPcj3Z-wc45RLbeJw89ncq8dg@mail.gmail.com>

On Friday, February 14, 2020 04:16:53 PM Ed Maste wrote:
> On Fri, 14 Feb 2020 at 15:27, Joey Kelly <joey@joeykelly.net> wrote:
> > On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
> > > Upstream OpenSSH-portable removed libwrap support in version 6.7,
> > > released in October 2014. We've maintained a patch in our tree to
> > > restore it, but it causes friction on each OpenSSH update and may
> > > introduce security vulnerabilities not present upstream. It's (past)
> > > time to remove it.
> >
> > So color me ignorant, but how does this affect things like DenyHosts?
>
> It's independent of denyhosts, fail2ban, blacklistd and similar. TCP
> wrappers is configured using /etc/hosts.allow and /etc/hosts.deny.

root@marsh:~ # tail -3 /etc/hosts.allow
# for denyhosts
sshd : /etc/hosts.deniedssh : deny
sshd : ALL : allow

-- 
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550
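
An added example, not part of the original message or of any FreeBSD tooling: a Python script that lists the rules in a hosts.allow / hosts.deny file that a libwrap-enabled sshd would consult, which are the rules that stop taking effect once sshd is built without libwrap. The sample file is constructed around the three lines quoted above, the function names are hypothetical, and daemon matching is simplified to exact names, ALL and EXCEPT as described in hosts_access(5).

```python
import sys

# Constructed sample built around the three hosts.allow lines quoted in the message.
SAMPLE_HOSTS_ALLOW = """\
# for denyhosts
sshd : /etc/hosts.deniedssh : deny
sshd : ALL : allow
sendmail : localhost : allow
ALL : 192.0.2.0/255.255.255.0 \\
      : allow
"""

def logical_lines(text):
    """Yield (first_line_number, rule): comments and blanks dropped, '\\' continuations joined."""
    buf, start = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            if not raw.strip() or raw.lstrip().startswith("#"):
                continue
            start = n
        if raw.endswith("\\"):
            buf.append(raw[:-1])
            continue
        yield start, " ".join("".join(buf + [raw]).split())
        buf, start = [], None

def daemon_list_matches(tokens, daemon):
    """Simplified daemon_list match: exact name or ALL, with 'list EXCEPT list' handling."""
    for i, tok in enumerate(tokens):
        if tok.upper() == "EXCEPT":
            return False
        if tok.upper() == "ALL" or tok.split("@")[0] == daemon:
            rest = tokens[i + 1:]
            for j, t in enumerate(rest):
                if t.upper() == "EXCEPT":
                    return not daemon_list_matches(rest[j + 1:], daemon)
            return True
    return False

def sshd_rules(text, daemon="sshd"):
    """Return [(line_number, rule)] for rules whose daemon_list covers the given daemon."""
    hits = []
    for lineno, rule in logical_lines(text):
        if ":" not in rule:
            continue
        tokens = rule.split(":", 1)[0].replace(",", " ").split()
        if daemon_list_matches(tokens, daemon):
            hits.append((lineno, rule))
    return hits

if __name__ == "__main__":
    texts = [(p, open(p).read()) for p in sys.argv[1:]] or [("<sample>", SAMPLE_HOSTS_ALLOW)]
    for name, text in texts:
        for lineno, rule in sshd_rules(text):
            print(f"{name}:{lineno}: {rule}")
```

Run it with the paths of the real files as arguments (for example /etc/hosts.allow and /etc/hosts.deny); each reported rule needs an equivalent outside libwrap before the patch is dropped.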