Re: tcp_wrappers x SSH

From: Doug Hughes (doug@Eng.Auburn.EDU)
Date: 05/29/02


Date: Wed, 29 May 2002 12:45:51 -0500 (CDT)
From: Doug Hughes <doug@Eng.Auburn.EDU>
To: Marcelo de Souza <marcelo@acme-ids.org>

On Wed, 29 May 2002, Marcelo de Souza wrote:

>
> Hi all,
>
> I'd like to know how to set my SSH server to work together with tcp_wrappers
> over Solaris.
>
> I've compiled SSH version 3.1.2, with tcp_wrappers support. However, my
> /etc/hosts.allow (deny) settings do not work.
>
> What could be the problem? What's the right way to do this?
>
> Thank you in advance.
>

Is it possible that the name you are using for your daemon when running
is not the same as what you are putting in hosts.allow?
(e.g. opensshd vs sshd or something)

It's hard to tell without more details. What sort of hosts.allow and
hosts.deny entries do you have?
Normally something like this should work:

hosts.deny:
sshd: ALL

hosts.allow:
sshd: w.x.y.z my.foo.bar n.n.n.n/m.m.m.m

(assuming the daemon is running as sshd)
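
The daemon-name mismatch raised in the reply above, as an added example (not part of the original message, and not libwrap's own code): a simplified Python model of the hosts.allow / hosts.deny lookup order, showing that a daemon registering under a different name matches neither file and is let through. The addresses, hostname and function names are constructed for illustration; only ALL, exact IP or hostname, .domain, prefix. and net/mask patterns are modelled, IPv4 only.

```python
import ipaddress

# Constructed sample rules in the shape shown in the reply (documentation addresses).
DENY = "sshd: ALL"
ALLOW = "sshd: 192.0.2.10 admin.example.org 198.51.100.0/255.255.255.0"

def client_matches(pattern, ip, host):
    """Match one client pattern against the peer's IP and (optional) hostname."""
    if pattern == "ALL":
        return True
    if "/" in pattern:                      # n.n.n.n/m.m.m.m network form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.startswith("."):             # .example.org matches any host in the domain
        return host is not None and host.lower().endswith(pattern.lower())
    if pattern.endswith("."):               # 192.0.2. matches by address prefix
        return ip.startswith(pattern)
    return pattern == ip or (host is not None and pattern.lower() == host.lower())

def rule_matches(rules, daemon, ip, host):
    """True if any 'daemon_list: client_list' line matches this daemon and client."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        names = daemons.replace(",", " ").split()
        if daemon not in names and "ALL" not in names:
            continue                        # rule is for a different daemon name
        if any(client_matches(p, ip, host) for p in clients.replace(",", " ").split()):
            return True
    return False

def access(daemon, ip, host=None, allow=ALLOW, deny=DENY):
    """hosts.allow first, then hosts.deny; a match in neither file grants access."""
    if rule_matches(allow, daemon, ip, host):
        return "allow"
    if rule_matches(deny, daemon, ip, host):
        return "deny"
    return "allow"

if __name__ == "__main__":
    for name in ("sshd", "opensshd"):       # same rules, two daemon names
        for ip in ("198.51.100.77", "203.0.113.5"):
            print(f"{name:9} {ip:15} -> {access(name, ip)}")
```

On a real host, the `tcpdmatch` utility shipped with tcp_wrappers answers the same question against the live files for a given daemon name and client.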
