This is the mail archive of the
mailing list for the Cygwin project.
Re: HEADSUP: OpenSSH 6.7 drops tcpwrapper support
- From: Andrey Repin <anrdaemon at yandex dot ru>
- To: Corinna Vinschen <cygwin at cygwin dot com>
- Date: Tue, 19 Aug 2014 23:04:11 +0400
- Subject: Re: HEADSUP: OpenSSH 6.7 drops tcpwrapper support
- Authentication-results: sourceware.org; auth=none
- References: <20140818115352 dot GC2280 at calimero dot vinschen dot de>
- Reply-to: cygwin at cygwin dot com
Greetings, Corinna Vinschen!
> Starting with the next OpenSSH version 6.7, which will be released soon,
> upstream removed support for tcp_wrappers/libwrap from the sources.
> While that's bad from a compatibility point of view, the upstream
> developers are adamant about this change for security reasons.
> So, if you configured /etc/hosts.allow and/or /etc/hosts.deny files in
> your Cygwin installation to block certain connections to your sshd
> service, you will have to find other means to do that ASAP:
> - Utilize the sshd_config Match rule.
> - Utilize your firewall.
Am I correct that this will only affect SSHD access control mechanics?
Not the socket redirection?
Andrey Repin (firstname.lastname@example.org) 19.08.2014, <23:03>
Sorry for my terrible english...
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple