HEADSUP: OpenSSH 6.7 drops tcpwrapper support

Corinna Vinschen corinna-cygwin@cygwin.com
Mon Aug 18 11:53:00 GMT 2014

Hi folks,

Just a HEADSUP to all of you actively using the tcp_wrappers/libwrap
functionality in sshd:

Starting with the next OpenSSH version 6.7, which will be released soon,
upstream removed support for tcp_wrappers/libwrap from the sources.

While that's bad from a compatibility point of view, the upstream
developers are adamant about this change for security reasons.

So, if you configured /etc/hosts.allow and/or /etc/hosts.deny files in
your Cygwin installation to block certain connections to your sshd
service, you will have to find other means to do that ASAP:

- Utilize the sshd_config Match rule.

- Utilize your firewall.

Hope that helps,

Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20140818/1d9fad29/attachment.sig>

More information about the Cygwin mailing list