X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=FXg1Z6901bWidtzx
	Jeqm6/hdkOoT5abxTDQ0Xe8q7ZMlLwrsPBCqrMV8jnWzYMgHHSSmo+WOiXW/H2TO
	VFjjZYWnHRMFenBHv5SFrt/YvTcf/3uRuSYFiio3JVf8uGn77ZAZu8vcTrDzfRfw
	zH8NEE9m1JLKnKdh/rHM/91y8wg=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; s=default; bh=x2Z6JW1KUrg3Ve3fr/lWq+
	viEFU=; b=E4hwSc+W0Cm7SV1prZxRsMs+FtZpCfC3mNnbQEvZbFpER3COjyUpp1
	8M0SrbMPFMb439WSM35RNuNuEBXRThSyQhOTBYTLSsslBdvdY7AE3Lm+ClTDBQUt
	cjyEXsFlZsgzLvQZ+9WDHqoD4OiD42T8pxxjitT18DbC4ZYCilQpo=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=3.7 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2
X-HELO: smtpback.ht-systems.ru
Date: Tue, 19 Aug 2014 23:04:11 +0400
From: Andrey Repin <anrdaemon AT yandex DOT ru>
Reply-To: cygwin AT cygwin DOT com
Message-ID: <2510188048.20140819230411@yandex.ru>
To: Corinna Vinschen <cygwin AT cygwin DOT com>
Subject: Re: HEADSUP: OpenSSH 6.7 drops tcpwrapper support
In-Reply-To: <20140818115352.GC2280@calimero.vinschen.de>
References: <20140818115352 DOT GC2280 AT calimero DOT vinschen DOT de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

Greetings, Corinna Vinschen!

> Starting with the next OpenSSH version 6.7, which will be released soon,
> upstream removed support for tcp_wrappers/libwrap from the sources.

> While that's bad from a compatibility point of view, the upstream
> developers are adamant about this change for security reasons.

> So, if you configured /etc/hosts.allow and/or /etc/hosts.deny files in
> your Cygwin installation to block certain connections to your sshd
> service, you will have to find other means to do that ASAP:

> - Utilize the sshd_config Match rule.

> - Utilize your firewall.

Am I correct that this will only affect SSHD access control mechanics?
Not the socket redirection?


--
WBR,
Andrey Repin (anrdaemon AT yandex DOT ru) 19.08.2014, <23:03>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple