Robert Seastrom <[email protected]> wrote: > My $0.02 - I consider this a wobbler. If it weren't for the relatively > short notice that we're getting rid of it, I wouldn't particularly support > putting it back in, but the OpenSSH guys have good reasons for getting rid > of it. > > Given that the consequences could be fairly severe if people are counting > on hosts.allow/deny to save them from "the Internet", if you put it back > as a migration strategy it might be worthwhile for sshd to complain on > interactive logins, system logs, and anywhere else that it might be > noticed if it finds non-default hosts.allow and hosts.deny files. You’ve > been able to implement the functionality via "Match" for literally > years…
Unfortunately the libwrap API doesn’t seem to provide a decent way to detect this. For now I’ve just put in a revert patch that adds the support for tcpwrappers back in as it was in older versions (no deprecation warning). It’s a pretty short patch anyway, so carrying it around for an extended period doesn’t seem like a huge technical risk. It should be in the release that gets cut tomorrow. ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
