From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 27611 invoked by alias); 19 Aug 2014 19:05:18 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 27589 invoked by uid 89); 19 Aug 2014 19:05:16 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=3.7 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2 X-HELO: smtpback.ht-systems.ru Received: from smtpback.ht-systems.ru (HELO smtpback.ht-systems.ru) (78.110.50.181) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Tue, 19 Aug 2014 19:05:15 +0000 Received: from [91.79.67.207] (helo=darkdragon.lan) by smtp.ht-systems.ru with esmtpa (Exim 4.80.1) (envelope-from ) (Authenticated sender: anrdaemon@yandex.ru) id 1XJoiT-0004dF-Kd for cygwin@cygwin.com; Tue, 19 Aug 2014 23:05:09 +0400 Received: from [192.168.1.10] (HELO daemon2) by daemon2 (Office Mail Server 0.8.12 build 08053101) with SMTP; Tue, 19 Aug 2014 19:04:11 -0000 Date: Tue, 19 Aug 2014 19:05:00 -0000 From: Andrey Repin Reply-To: cygwin@cygwin.com Message-ID: <2510188048.20140819230411@yandex.ru> To: Corinna Vinschen Subject: Re: HEADSUP: OpenSSH 6.7 drops tcpwrapper support In-Reply-To: <20140818115352.GC2280@calimero.vinschen.de> References: <20140818115352.GC2280@calimero.vinschen.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2014-08/txt/msg00385.txt.bz2 Greetings, Corinna Vinschen! > Starting with the next OpenSSH version 6.7, which will be released soon, > upstream removed support for tcp_wrappers/libwrap from the sources. > While that's bad from a compatibility point of view, the upstream > developers are adamant about this change for security reasons. > So, if you configured /etc/hosts.allow and/or /etc/hosts.deny files in > your Cygwin installation to block certain connections to your sshd > service, you will have to find other means to do that ASAP: > - Utilize the sshd_config Match rule. > - Utilize your firewall. Am I correct that this will only affect SSHD access control mechanics? Not the socket redirection? -- WBR, Andrey Repin (anrdaemon@yandex.ru) 19.08.2014, <23:03> Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple