HowTo: to enable tcpwrapper in openssh for SUSE(linux)

From: Klaus Lehmann (
Date: 04/22/05

Date: Fri, 22 Apr 2005 10:13:50 +0200

a small howto
[thanks to Darren Tucker, who showed me right way (to babylon)]

on default there's no support for tcp-warppers in SUSE's openssh.

why it is so certain?
If You will use a host_deny_list (like me! there I have listed all
ip_numbers, they don't have to knock on my ssh_door_bell), You must have
an openSSH WITH build_in_support for tcp-warppers.
[WHY doesn't have SUSE this compiled?]

read on!

1. You need following packages:
(they depends from version for: tcpd and pam!)

2. get openssh-3.9p1-1.src.rpm (by example)

3. configure it, like this:
configure --prefix=/usr --sysconfdir=/etc/ssh
--datadir=/usr/share/openssh --with-pam
--with-gnome-askpass --with-tcp-wrappers
--with-ipv4-default --libexecdir=/usr/lib/ssh --with-md5-passwords

(=one LINE!)

You'll get something like this:

OpenSSH has been configured with the following options:
          User binaries: /usr/bin
          System binaries: /usr/sbin
          Configuration files: /etc/ssh
          Askpass program: /usr/lib/ssh/ssh-askpass
          Manual pages: /usr/man/manX
          PID file: /var/run
          Privilege separation chroot path: /var/empty
          sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin
          Manpage format: doc
          PAM support: yes
          KerberosV support: no
          Smartcard support: no
          S/KEY support: no
          TCP Wrappers support: yes
          MD5 password support: yes
          IP address in $DISPLAY hack: no
          Translate v4 in v6 hack: yes
          BSD Auth support: no
          Random number source: OpenSSL internal ONLY
          Host: i686-pc-linux-gnu
          Compiler: gcc
          Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized
          Preprocessor flags:
          Linker flags:
          Libraries: -lwrap -lpam -ldl -lresolv -lcrypto -lutil -lz
-lnsl -lcrypt

    PAM is enabled. You may need to install a PAM control file
    for sshd, otherwise password authentication may fail.
    Example PAM control files can be found in the contrib/

4. check with "nm", if there are symbols in openssh
[DTucker told this! thanks!]
nm sshd | grep refuse

You'll get: U refuse

5. than go on with installing with YOUR personal compiled package ;-)
make and make install

hope, there's no error