From owner-freebsd-ports  Fri Nov 26 15:31:19 1999
Delivered-To: freebsd-ports@freebsd.org
Received: from dozer.skynet.be (dozer.skynet.be [195.238.2.36])
	by hub.freebsd.org (Postfix) with ESMTP
	id B9AC015330; Fri, 26 Nov 1999 15:31:08 -0800 (PST)
	(envelope-from root@foxbert.skynet.be)
Received: from foxbert.skynet.be (foxbert.skynet.be [195.238.1.45])
	by dozer.skynet.be (8.9.3/odie-relay-v1.0) with ESMTP id AAA18063;
	Sat, 27 Nov 1999 00:31:06 +0100 (MET)
Received: (from root@localhost)
	by foxbert.skynet.be (8.9.1/jovi-pop-2.1) id AAA11641;
	Sat, 27 Nov 1999 00:31:06 +0100 (MET)
Mime-Version: 1.0
X-Sender: blk@foxbert.skynet.be
Message-Id: <v04205503b464c6595396@[195.238.21.204]>
In-Reply-To: <19991126200152.A39178@hal.mpn.cp.philips.com>
References: <v04205505b45b1dd2e5a5@[195.238.21.204]>
 <4.2.0.58.19991119131954.00a8e238@mail.sstar.com>
 <v0420550cb4646aed45f3@[195.238.21.204]>
 <v0420550eb46478917a14@[195.238.21.204]>
 <19991126200152.A39178@hal.mpn.cp.philips.com>
Date: Sat, 27 Nov 1999 00:30:07 +0100
To: Jos Backus <Jos.Backus@nl.origin-it.com>
From: Brad Knowles <blk@skynet.be>
Subject: Re: OpenSSH for -STABLE?
Cc: green@freebsd.org, ports@freebsd.org
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 8:01 PM +0100 1999/11/26, Jos Backus wrote:

> I sent this patch to Brian Feldman earlier today:
>
> 	--- work/ssh/Makefile.inc.orig  Fri Nov 26 19:59:42 1999
> 	+++ work/ssh/Makefile.inc       Fri Nov 26 19:59:59 1999
> 	@@ -1,4 +1,4 @@
> 	-CFLAGS+=       -I${.CURDIR}/..
> 	+CFLAGS+=       -I${PREFIX}/include -I${.CURDIR}/..

	With this, OpenSSH compiles and runs on -stable, however it 
doesn't seem to understand the "AllowHosts" directive, and there's 
nothing in the man page I can find that will do something similar (as 
with "SyslogFacility" and "LogLevel" that take the place of 
"QuietMode" and "FacistLogging").

	Are we supposed to instead build this with libwrap support, and 
use it to allow/deny access from certain IP addresses instead of 
OpenSSH?


	Looking through sshd.c and servconf.c, nothing obvious leaps out 
at me as the proper way to solve this problem, and it doesn't seem to 
be mentioned in (except in passing) in sshd.8.

-- 
   These are my opinions -- not to be taken as official Skynet policy
  ____________________________________________________________________
|o| Brad Knowles, <blk@skynet.be>            Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin      Rue Col. Bourg, 124   |o|
|o| Phone/Fax: +32-2-706.11.11/12.49         B-1140 Brussels       |o|
|o| http://www.skynet.be                     Belgium               |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
  Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
   Unix is very user-friendly.  It's just picky who its friends are.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message