RE: Using wrappers w/ssh

From: Baker, Darryl (Darryl.Baker_at_gedas.com)
Date: 09/30/04

    To: "'secureshell@securityfocus.com'" <secureshell@securityfocus.com>
    Date: Thu, 30 Sep 2004 12:11:52 -0400

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I have a related question:
    I never run sshd out of inetd. I've always run it as a standalone
    daemon. Can this be done?

    _____________________________________________________________________
    Darryl Baker
    gedas USA, Inc.
    Operational Services Business Unit
    3800 Hamlin Road
    Auburn Hills, MI 48326
    US
    phone +1-248-754-5341
    fax +1-248-754-6399
    Darryl.Baker@gedas.com
    http://www.gedasusa.com
    _____________________________________________________________________

    > -----Original Message-----
    > From: Bill Edison [mailto:edison@newpaltz.edu]
    > Sent: Thursday, September 30, 2004 7:47 AM
    > To: secureshell@securityfocus.com
    > Subject: Re: Using wrappers w/ssh
    >
    >
    >
    > Thanks to everyone who replied to my first post. I went ahead and
    > installed it on my test machine, this is AIX 5.1, with the only config
    > parameter being --with-tcp-wrappers. It seemed to configure, compile
    > and install without a problem, as did the 4 or 5 or 6 included
    > verification modules. I'm probably making a conceptual mistake here,
    > but I've tried using both methods to run it: (1) changing inetd to
    > point to tcpd instead of the original routine and (2) moving the real
    > routines (ftpd...etc.) into another sub directory and replacing them
    > with renamed tcpd modules. Regardless of the method or restrictions in
    > hosts.deny it grants access to anyone and any service. At least it's
    > not picky. I finally set hosts.deny to deny anything to anyone and it
    > still grants all services to anyone. But running tcpdmatch and/or
    > tcpdchk yields the correct action/information. I thought maybe it was
    > picking up an obscure module maybe from a different folder so I tried
    > renaming/removing tcpd. This resulted in a failed connection so at
    > least it's sending packets to the right place and using the correct
    > code. It acts as if it's not seeing hosts.deny. The permissions look ok
    > on this, so it just grants access. Is there a way to find out what's
    > going on here? Where am I going wrong?
    >
    > tks,
    > Bill Edison
    >
    >
    > > Anyone using tcpwrappers with ssh? We're running a RISC 6000 w/AIX
    > > 5.2002 Just wondering about any problems/quirks.
    >
    > Hope the weekend was good,
    > cheers,
    > Bill Edison
    >

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Personal Security 7.0.3

    iQA/AwUBQVwwSVe1Bhkj9lZeEQKU7QCg/M5NS8B339Q0m2L9Mwou6VpIV5kAnR86
    xLp2ZLhY/YdBGo1qyBZYHmdY
    =Hkum
    -----END PGP SIGNATURE-----
     

    
    


