Re: Early heads-up: plan to remove local patches for TCP Wrappers support in sshd

On 2/14/20 6:37 PM, Ben Woods wrote: > On Sat, 15 Feb 2020 at 4:27 am, Joey Kelly wrote: > >> On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote: >>> Upstream OpenSSH-portable removed libwrap support in version 6.7, >>> released in October 2014. We've maintained a patch in our tree to >>>

Re: Early heads-up: plan to remove local patches for TCP Wrappers support in sshd

In the interest of good logging it may be better to filter ssh attempts with libwrap than with packet filtering. The difference being that libwrap logging, particularly when used with fail2ban, tends to be more readable and parseable. Not having libwrap in sshd is most simply and easily worked

Re: Early heads-up: plan to remove local patches for TCP Wrappers support in sshd

On Sat, 15 Feb 2020 at 4:27 am, Joey Kelly wrote: > On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote: > > Upstream OpenSSH-portable removed libwrap support in version 6.7, > > released in October 2014. We've maintained a patch in our tree to > > restore it, but it causes friction on each

Re: Early heads-up: plan to remove local patches for TCP Wrappers support in sshd

On Friday, February 14, 2020 04:16:53 PM Ed Maste wrote: > On Fri, 14 Feb 2020 at 15:27, Joey Kelly wrote: > > On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote: > > > Upstream OpenSSH-portable removed libwrap support in version 6.7, > > > released in October 2014. We've maintained a patch

Re: Early heads-up: plan to remove local patches for TCP Wrappers support in sshd

On Fri, 14 Feb 2020 at 15:27, Joey Kelly wrote: > > On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote: > > Upstream OpenSSH-portable removed libwrap support in version 6.7, > > released in October 2014. We've maintained a patch in our tree to > > restore it, but it causes friction on each

Re: Early heads-up: plan to remove local patches for TCP Wrappers support in sshd

security/py-fail2ban in ports is a good alternative. Can be combined with pf and the like to have a similar effect. On Fri, Feb 14, 2020, 3:27 PM Joey Kelly wrote: > On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote: > > Upstream OpenSSH-portable removed libwrap support in version 6.7, >

Re: Early heads-up: plan to remove local patches for TCP Wrappers support in sshd

On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote: > Upstream OpenSSH-portable removed libwrap support in version 6.7, > released in October 2014. We've maintained a patch in our tree to > restore it, but it causes friction on each OpenSSH update and may > introduce security vulnerabilities

Early heads-up: plan to remove local patches for TCP Wrappers support in sshd

Upstream OpenSSH-portable removed libwrap support in version 6.7, released in October 2014. We've maintained a patch in our tree to restore it, but it causes friction on each OpenSSH update and may introduce security vulnerabilities not present upstream. It's (past) time to remove it. Although