Early heads-up: plan to remove local patches for TCP Wrappers support in sshd
Mike Kelly
pioto at pioto.org
Fri Feb 14 20:34:21 UTC 2020
security/py-fail2ban in ports is a good alternative. Can be combined with
pf and the like to have a similar effect.
On Fri, Feb 14, 2020, 3:27 PM Joey Kelly <joey at joeykelly.net> wrote:
> On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
> > Upstream OpenSSH-portable removed libwrap support in version 6.7,
> > released in October 2014. We've maintained a patch in our tree to
> > restore it, but it causes friction on each OpenSSH update and may
> > introduce security vulnerabilities not present upstream. It's (past)
> > time to remove it.
>
>
> So color me ignorant, but how does this affect things like DenyHosts? Or
> is
> there an in-application way to block dictionary attacks? I can't go back
> to
> having my servers pounded on day and night (and yes, I listed on an
> alternative port).
>
> --
> Joey Kelly
> Minister of the Gospel and Linux Consultant
> http://joeykelly.net
> 504-239-6550
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org
> "
>
More information about the freebsd-security
mailing list