Current-Users archive


Re: sshd appears to not be consulting /etc/hosts.allow and /etc/hosts.deny for access control, is this a known issue?



Hello. Thanks for the quick reply. While openssh may have dropped libwrap and
libblocklist support in version 6.7, NetBSD had it until the import of openssh-9.9. I see no
notation of this large change in behavior either in the cvs log file for the Makefile for sshd
(diff shown below for when this support was dropped) or in the doc/CHANGES file, although the
import of OpenSSH-9.9 is noted there.
So, is it the case this was entirely intentional?  If so, I'm very surprised it wasn't noted
more prominently in either the cvs log file of the Makefile itself or in the doc/CHANGES file,
preferably both.  

Might Christos be able to shed light on this?

-thanks
-Brian


Index: Makefile
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssh/bin/sshd/Makefile,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- Makefile	3 Jun 2023 09:09:02 -0000	1.27
+++ Makefile	8 Jul 2024 22:33:43 -0000	1.28
@@ -1,79 +1,17 @@
-#	$NetBSD: Makefile,v 1.27 2023/06/03 09:09:02 lukem Exp $
+#	$NetBSD: Makefile,v 1.28 2024/07/08 22:33:43 christos Exp $
 
 .include <bsd.own.mk>
 
+USE_LDAP=	no
 PROG=	sshd
 MAN=	sshd.8 sshd_config.5 moduli.5
 
 BINDIR=	/usr/sbin
 
-SRCS=	sshd.c auth-rhosts.c auth-passwd.c auth2-pubkeyfile.c \
-	sshpty.c sshlogin.c servconf.c serverloop.c \
-	auth.c auth2.c auth-options.c session.c \
-	auth-krb5.c auth2-chall.c groupaccess.c \
-	auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \
-	auth2-none.c auth2-passwd.c auth2-pubkey.c \
-	monitor.c monitor_wrap.c srclimit.c \
-	kexgexs.c sftp-server.c sftp-common.c \
-	sftp-realpath.c sandbox-rlimit.c pfilter.c
-
-COPTS.auth-options.c+=	-Wno-pointer-sign
-COPTS.ldapauth.c+=	-Wno-format-nonliteral	# XXX: should fix
-
-.if (${USE_PAM} != "no")
-SRCS+=	auth-pam.c
-LDADD+=	-lpam ${PAM_STATIC_LDADD}
-DPADD+=	${LIBPAM} ${PAM_STATIC_DPADD}
-
-.if ${USE_YP} != "no"
-LDADD+= -lrpcsvc
-DPADD+= ${LIBRPCSVC}
-.endif
-
-.else	# USE_PAM == no
-
-.if (${USE_SKEY} != "no")
-LDADD+=	-lskey
-DPADD+=	${LIBSKEY}
-.endif
-
-.endif	# USE_PAM == no
-
-.if (${USE_KERBEROS} != "no")
-SRCS+=	gss-genr.c auth2-gss.c gss-serv.c gss-serv-krb5.c
-LDADD+=	-lgssapi -lheimntlm
-DPADD+=	${LIBGSSAPI} ${LIBHEIMNTLM}
-
-LDADD+=	-lkafs
-DPADD+= ${LIBKAFS}
-
-SRCS+=	auth2-krb5.c
-LDADD+= ${LIBKRB5_LDADD}
-DPADD+= ${LIBKRB5_DPADD}
-.endif
-
-.if (${USE_LDAP} != "no")
-SRCS+=	ldapauth.c
-LDADD+=	${LIBLDAP_LDADD}
-DPADD+=	${LIBLDAP_DPADD}
-.endif
-
-LDADD+=	-lcrypt -lutil
-DPADD+=	${LIBCRYPT} ${LIBUTIL}
-
-LDADD+=	-lwrap
-DPADD+=	${LIBWRAP}
-
-.ifdef CRUNCHEDPROG
-CPPFLAGS+=-DSMALL
-.else
-LDADD+=	-lblocklist
-DPADD+=	${LIBBLOCKLIST}
-.endif
-
-COPTS.sshlogin.c+=	${CC_WNO_STRINGOP_TRUNCATION}
-COPTS.ldapauth.c+=	${CC_WNO_STRINGOP_TRUNCATION} ${CC_WNO_STRINGOP_OVERFLOW}
-COPTS.monitor.c+= -Wno-error=deprecated-declarations
-COPTS.kexgexs.c+= -Wno-error=deprecated-declarations
+SRCS=	sshd.c sshpty.c srclimit.c servconf.c auth2-methods.c \
+	groupaccess.c
+
+LDADD+=	-lutil
+DPADD+=	${LIBUTIL}
 
 .include <bsd.prog.mk>
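
Review bot: the `LDADD+= -lwrap` / `DPADD+= ${LIBWRAP}` and `LDADD+= -lblocklist` / `DPADD+= ${LIBBLOCKLIST}` lines, along with `pfilter.c` in the old `SRCS`, are deleted near the end of this hunk, and nothing in the new Makefile says whether sshd is still meant to honor /etc/hosts.allow and /etc/hosts.deny or which program, if any, now links those libraries. The new link line is only `LDADD+= -lutil`, so an administrator relying on those files for access control gets no signal from this revision. Add a comment next to the new `SRCS=` stating where the libwrap and blocklist hooks went, or that they were dropped on purpose, and record the behavior change in doc/CHANGES. The added `USE_LDAP= no` after `.include <bsd.own.mk>` also deserves a one-line comment on why it is forced off here.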


