Date: Mon, 17 Apr 2000 13:33:34 -0400 From: Keith Stevenson <k.stevenson@louisville.edu> To: Vivek Khera <khera@kciLink.com> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: sshd and tcp-wrappers Message-ID: <20000417133334.B10528@osaka.louisville.edu> In-Reply-To: <14587.10080.867467.456592@onceler.kcilink.com>; from khera@kciLink.com on Mon, Apr 17, 2000 at 11:01:52AM -0400 References: <20000417122732.A1826@phy.hr> <20000417082136.C95086@osaka.louisville.edu> <20000417150004.A2376@phy.hr> <20000417090605.A2443@osaka.louisville.edu> <14587.10080.867467.456592@onceler.kcilink.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Apr 17, 2000 at 11:01:52AM -0400, Vivek Khera wrote: > >>>>> "KS" == Keith Stevenson <k.stevenson@louisville.edu> writes: > > KS> sshd(8) provides its own internal facility for allowing or denying > KS> hosts based upon IP address. Using both the internal facility and > KS> TCP Wrappers would incur additional work on accepted connections. > KS> Personally, I use TCP Wrappers on SSH and disable the internal > KS> facility. > > The internal facility *is* TCP wrappers. It just doesn't need the > tcpd program, which only exists to wrap programs that don't know how > to do it themselves. I know that _FreeBSD_ builds OpenSSH against libwrap, but the entry in the documentation predates OpenSSH. The internal mechanism I was referring to is the AllowHosts and DenyHosts options in sshd_config. I think that we are all in agreement, however, that there is no harm in building SSH against libwrap. Regards, --Keith Stevenson-- -- Keith Stevenson System Programmer - Data Center Services - University of Louisville k.stevenson@louisville.edu PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000417133334.B10528>