openssh, tcpd and inetd

From: Steven Fairly (ipaint@sdf.lonestar.org)
Date: 01/15/02


From: Steven Fairly <ipaint@sdf.lonestar.org>
Date: Mon, 14 Jan 2002 16:40:11 -0800

I'm a bit behind here. I'm missing something regarding security in OpenSSH.
My former SSHd used "DenyHosts" in /etc/sshd_config to block incoming
hosts. From what I've read, there's nothing similar in OpenSSH.

"--with-tcp-wrappers" appears to be encouraged when configuring openssh.
Unless I've totally missed something, doesn't TCP Wrappers only provide blocks
for those programs in inetd.conf? And, if not, how does one block access if
sshd is not in inetd.conf? (which I don't want it to be).

Also, I did try to use "--with-tcp-wrappers" but I get:

    configure: error: *** libwrap missing

libwrap.a is in /op/tcp_wrappers_7.6 so how do I make the configure script
find it?

My configure command:
    ./configure --with-openssl-dir=/usr/local/ssl --with-entropy-pool=/dev/random \
        --with-pam --with-tcp-wrappers

My software:
OpenSSH 3.0.2p1
OpenSSL 0.9.6b
Solaris 7
TCP Wrappers 7.6
EGD 0.8
Zlib 1.1.3

Thanks for any help.

Steven


