Early heads-up: plan to remove local patches for TCP Wrappers support in sshd
Joey Kelly
joey at joeykelly.net
Fri Feb 14 20:27:17 UTC 2020
On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
> Upstream OpenSSH-portable removed libwrap support in version 6.7,
> released in October 2014. We've maintained a patch in our tree to
> restore it, but it causes friction on each OpenSSH update and may
> introduce security vulnerabilities not present upstream. It's (past)
> time to remove it.
So color me ignorant, but how does this affect things like DenyHosts? Or is
there an in-application way to block dictionary attacks? I can't go back to
having my servers pounded on day and night (and yes, I listed on an
alternative port).
--
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550
More information about the freebsd-security
mailing list