Re: sshd security

From: Derek Ragona (derek_at_computinginnovations.com)
Date: 09/24/04

    Date: Fri, 24 Sep 2004 08:22:12 -0500
    To: terry@mrtux.co.uk, freebsd-security@freebsd.org
    
    

    I tried to implement a similar scheme in my hosts.allow on a FreeBSD 5.2.1
    server. But when I try to test it from an IP outside my LAN, it still
    allows ssh logins. I even put in a line in hosts.allow to explicitly deny
    the IP I was ssh'ing from, but it still let me in. The behavior gives the
    appearance that TCP wrappers are not enabled, and thus the /etc/hosts.allow
    file is ignored.

    Is there something I need to do to enable the wrappers in sshd? I saw that
    there is a compile option for the portable source from openssh.org, so I
    wonder if there is some compile option that needs to be enabled in make.conf?

    I have gone through the documentation for sshd_config, sshd, make.conf,
    etc. but am not finding anything to change.

             -Derek

    At 07:37 AM 9/19/2004, Terry wrote:
    >I had the same problem, so I set up hosts.allow to only allow access from
    >certain IPs I require.
    >This has the effect of killing the connection from any other IP before
    >getting to any login prompt.
    >Example below:
    >sshd : localhost : allow
    >sshd : 192.168.2. : allow
    >sshd : 82.41.115.213 :allow
    >sshd : 216.123.248.219 : allow <-- public IP I wish to allow; of course I
    >have changed it
    >sshd : all : deny
    >
    >This then shows in log instead of failed login attempts
    >
    >dot.blah.co.uk refused connections:
    >Sep 17 22:11:55 dlt sshd[35669]: refused connect from
    >usen-219x113x213x21.ap-US.usen.ad.jp (219.113.213.21)
    >
    >Regards Terry
    >
    >
    >_______________________________________________
    >freebsd-security@freebsd.org mailing list
    >http://lists.freebsd.org/mailman/listinfo/freebsd-security
    >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
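
An added example, not part of either message and not FreeBSD or OpenSSH code: a simplified model of how an option-style hosts.allow like the one quoted above is read, where the first line matching both daemon and client decides. The function names and the `ALL : ALL : allow` line in the second ruleset are constructed for illustration; IPv6, netmasks, hostname lookups and hosts.deny are not modelled.

```python
# Simplified model of option-style hosts.allow evaluation (first match wins).
# Rules exactly as posted in the quoted message.
TERRY_RULES = """\
sshd : localhost : allow
sshd : 192.168.2. : allow
sshd : 82.41.115.213 :allow
sshd : 216.123.248.219 : allow
sshd : all : deny
"""
# Constructed variant: a catch-all line placed ahead of the same rules.
SHADOWED_RULES = "ALL : ALL : allow\n" + TERRY_RULES


def parse(text):
    """Return a list of (daemons, clients, action) tuples, one per rule."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) != 3:
            raise ValueError(f"unsupported rule: {raw!r}")
        daemons, clients, action = parts
        rules.append((daemons.lower().replace(",", " ").split(),
                      clients.lower().replace(",", " ").split(),
                      action.lower()))
    return rules


def client_matches(pattern, addr, hostname):
    if pattern == "all":                 # wildcard, compared case-insensitively
        return True
    if pattern.endswith("."):            # "192.168.2." is a textual prefix
        return addr.startswith(pattern)
    return pattern in (addr, hostname.lower())


def decide(text, daemon, addr, hostname=""):
    """Return (action, rule_number) for the first rule that matches."""
    for number, (daemons, clients, action) in enumerate(parse(text), 1):
        if "all" not in daemons and daemon.lower() not in daemons:
            continue
        if any(client_matches(p, addr, hostname) for p in clients):
            return action, number
    return "allow", None                 # no rule matched (hosts.deny not modelled)


if __name__ == "__main__":
    for rules in (TERRY_RULES, SHADOWED_RULES):
        print(decide(rules, "sshd", "219.113.213.21"))
```

With the rules as posted, the address from the quoted log line falls through to the final deny; with a catch-all line in front, the same address is allowed by rule 1 and the deny is never reached.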

