Re: ssh security

From: Terry (
Date: 09/24/04

    Date: Fri, 24 Sep 2004 21:50:51 +0100

    Derek Ragona wrote:

    >> I tried to implement a similar scheme in my hosts.allow on a FreeBSD
    >> 5.2.1 server. But when I try to test it from an IP outside my LAN, it
    >> still allows ssh logins. I even put in a line in hosts.allow to
    >> explicitly deny the IP I was ssh'ing from, but it still let me in.
    >> The behavior gives the appearance that TCP wrappers are not enabled,
    >> and thus the /etc/hosts.allow file is ignored.
    >> Is there something I need to do to enable the wrappers in sshd? I saw
    >> that there is a compile option for the portable source from
    >>, so I wonder if there is some compile option that needs to
    >> be enabled in make.conf?
    >> I have gone through the documentation for sshd_config, sshd,
    >> make.conf, etc. but am not finding anything to change.
    >> -Derek
    >> At 07:37 AM 9/19/2004, Terry wrote:
    >>>> I had the same problem so I set up hosts.allow to only allow access
    >>>> from certain IPs I require.
    >>>> This has the effect of killing the connection from any other IP before
    >>>> getting to any login prompt.
    >>>> example below
    >>>> sshd : localhost : allow
    >>>> sshd : 192.168.2. : allow
    >>>> sshd : :allow
    >>>> sshd : : allow <-- public ip i wish to allow of
    >>>> course i have changed it
    >>>> sshd : all : deny
    >>>> This then shows in log instead of failed login attempts
    >>>> refused connections:
    >>>> Sep 17 22:11:55 dlt sshd[35669]: refused connect from
    >>>> (
    >>>> Regards Terry
    I read somewhere the order is important. Have you tried exactly as I
    posted, only changing the IPs to fit your setup?
    My FreeBSD version is 4.10 and I made no other changes. I think TCP
    wrappers are default.
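
Added example, not part of the original post: a simplified Python model of how libwrap reads hosts.allow from top to bottom and stops at the first matching rule, which is why the order of the lines matters. The function names, the documentation addresses and the catch-all `ALL : ALL : allow` line in the second sample are assumptions made for illustration.

```python
# Simplified first-match evaluation of hosts.allow rules (daemon : client : option).
# Handles only the thread's pattern kinds: ALL, localhost, exact address, "a.b.c." prefix.

def parse_rules(text):
    """Return [(daemons, clients, action)] in file order, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3 or fields[2].lower() not in ("allow", "deny"):
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append((fields[0].split(), fields[1].split(), fields[2].lower()))
    return rules

def client_matches(pattern, addr):
    p = pattern.lower()
    if p == "all":
        return True
    if p == "localhost":             # simplification: no name lookup
        return addr in ("127.0.0.1", "::1")
    if p.endswith("."):              # address prefix
        return addr.startswith(p)
    return addr == p

def decide(rules, daemon, addr):
    """Return (action, rule number) for the first matching rule; later rules are not read."""
    for n, (daemons, clients, action) in enumerate(rules, 1):
        if any(d.lower() in ("all", daemon) for d in daemons) and \
                any(client_matches(c, addr) for c in clients):
            return action, n
    return "allow", None             # nothing matched: access is granted

# Constructed samples. 203.0.113.7 and 198.51.100.23 are documentation addresses
# standing in for the public IPs that are elided in the thread.
ORDERED = """
sshd : localhost : allow
sshd : 192.168.2. : allow
sshd : 203.0.113.7 : allow
sshd : ALL : deny
"""
# The same rules under a catch-all allow: the deny lines are never reached.
SHADOWED = "ALL : ALL : allow\nsshd : 198.51.100.23 : deny\n" + ORDERED

if __name__ == "__main__":
    for name, text in (("ORDERED", ORDERED), ("SHADOWED", SHADOWED)):
        for addr in ("192.168.2.14", "203.0.113.7", "198.51.100.23"):
            print(name, addr, decide(parse_rules(text), "sshd", addr))
```

On a live system, `tcpdmatch sshd <address>` reports the decision the real access files produce for a given client.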
