On 2/14/2020 10:18 AM, Ed Maste wrote:
> Upstream OpenSSH-portable removed libwrap support in version 6.7,
> released in October 2014. We've maintained a patch in our tree to
> restore it, but it causes friction on each OpenSSH update and may
> introduce security vulnerabilities not present upstrea
On 2/21/20 11:49 AM, Ed Maste wrote:
> It seems starting sshd from inetd via tcpd is a reasonable approach
> for folks who want to use it; also, have folks using libwrap looked at
> sshd's Match blocks to see if they provide the desired functionality?
While match blocks can disallow a login from a
On Sat, 15 Feb 2020 at 05:03, Bjoern A. Zeeb
wrote:
>
> I am also worried that the change will make a lot of machines
> unprotected upon updating to 13 if there is no big red warning flag
> before the install.
At least having sshd emit a warning is a prerequisite, certainly. I
don't yet know if t
On 17-2-2020 08:02, Borja Marcos wrote:
On 14 Feb 2020, at 19:18, Ed Maste wrote:
Upstream OpenSSH-portable removed libwrap support in version 6.7,
released in October 2014. We've maintained a patch in our tree to
restore it, but it causes friction on each OpenSSH update and may
introduce sec
> On Feb 17, 2020, at 9:02 AM, Borja Marcos wrote:
>
>
>
>> On 14 Feb 2020, at 19:18, Ed Maste wrote:
>>
>> Upstream OpenSSH-portable removed libwrap support in version 6.7,
>> released in October 2014. We've maintained a patch in our tree to
>> restore it, but it causes friction on each Op
> On 14 Feb 2020, at 19:18, Ed Maste wrote:
>
> Upstream OpenSSH-portable removed libwrap support in version 6.7,
> released in October 2014. We've maintained a patch in our tree to
> restore it, but it causes friction on each OpenSSH update and may
> introduce security vulnerabilities not pres
On 14 Feb 2020, at 18:18, Ed Maste wrote:
Hi Ed,
Although the specific deprecation steps aren't yet fleshed out I'm
sending this as an early notice that I plan to disable libwrap support
from the base system sshd and that FreeBSD 13 will not support it.
I’ll be sad to run inetd again on syste
On 2/14/20 6:37 PM, Ben Woods wrote:
> On Sat, 15 Feb 2020 at 4:27 am, Joey Kelly wrote:
>
>> On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
>>> Upstream OpenSSH-portable removed libwrap support in version 6.7,
>>> released in October 2014. We've maintained a patch in our tree to
>>> res
In the interest of good logging it may be better to filter ssh attempts
with libwrap than with packet filtering. The difference being that
libwrap logging, particularly when used with fail2ban, tends to be more
readable and parseable.
Not having libwrap in sshd is most simply and easily worked a
On Sat, 15 Feb 2020 at 4:27 am, Joey Kelly wrote:
> On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
> > Upstream OpenSSH-portable removed libwrap support in version 6.7,
> > released in October 2014. We've maintained a patch in our tree to
> > restore it, but it causes friction on each O
On Friday, February 14, 2020 04:16:53 PM Ed Maste wrote:
> On Fri, 14 Feb 2020 at 15:27, Joey Kelly wrote:
> > On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
> > > Upstream OpenSSH-portable removed libwrap support in version 6.7,
> > > released in October 2014. We've maintained a patch i
On Fri, 14 Feb 2020 at 15:27, Joey Kelly wrote:
>
> On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
> > Upstream OpenSSH-portable removed libwrap support in version 6.7,
> > released in October 2014. We've maintained a patch in our tree to
> > restore it, but it causes friction on each Op
security/py-fail2ban in ports is a good alternative. Can be combined with
pf and the like to have a similar effect.
On Fri, Feb 14, 2020, 3:27 PM Joey Kelly wrote:
> On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
> > Upstream OpenSSH-portable removed libwrap support in version 6.7,
> >
On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote:
> Upstream OpenSSH-portable removed libwrap support in version 6.7,
> released in October 2014. We've maintained a patch in our tree to
> restore it, but it causes friction on each OpenSSH update and may
> introduce security vulnerabilities n
14 matches
Mail list logo