On 2/14/20 6:37 PM, Ben Woods wrote:
> On Sat, 15 Feb 2020 at 4:27 am, Joey Kelly wrote:
>
>> On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
>>> Upstream OpenSSH-portable removed libwrap support in version 6.7,
>>> released in October 2014. We've maintained a patch in our tree to
>>>
In the interest of good logging it may be better to filter ssh attempts
with libwrap than with packet filtering. The difference being that
libwrap logging, particularly when used with fail2ban, tends to be more
readable and parseable.
Not having libwrap in sshd is most simply and easily worked
On Sat, 15 Feb 2020 at 4:27 am, Joey Kelly wrote:
> On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
> > Upstream OpenSSH-portable removed libwrap support in version 6.7,
> > released in October 2014. We've maintained a patch in our tree to
> > restore it, but it causes friction on each
On Friday, February 14, 2020 04:16:53 PM Ed Maste wrote:
> On Fri, 14 Feb 2020 at 15:27, Joey Kelly wrote:
> > On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
> > > Upstream OpenSSH-portable removed libwrap support in version 6.7,
> > > released in October 2014. We've maintained a patch
On Fri, 14 Feb 2020 at 15:27, Joey Kelly wrote:
>
> On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
> > Upstream OpenSSH-portable removed libwrap support in version 6.7,
> > released in October 2014. We've maintained a patch in our tree to
> > restore it, but it causes friction on each
security/py-fail2ban in ports is a good alternative. Can be combined with
pf and the like to have a similar effect.
On Fri, Feb 14, 2020, 3:27 PM Joey Kelly wrote:
> On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
> > Upstream OpenSSH-portable removed libwrap support in version 6.7,
>
On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
> Upstream OpenSSH-portable removed libwrap support in version 6.7,
> released in October 2014. We've maintained a patch in our tree to
> restore it, but it causes friction on each OpenSSH update and may
> introduce security vulnerabilities
Upstream OpenSSH-portable removed libwrap support in version 6.7,
released in October 2014. We've maintained a patch in our tree to
restore it, but it causes friction on each OpenSSH update and may
introduce security vulnerabilities not present upstream. It's (past)
time to remove it.
Although