HowTo: to enable tcpwrapper in openssh for SUSE(linux)

From: Klaus Lehmann (lehmann_klaus_at_t-online.de)
Date: 04/22/05


Date: Fri, 22 Apr 2005 10:13:50 +0200

a small howto
[thanks to Darren Tucker, who showed me the right way (to babylon)]

by default there's no support for tcp-wrappers in SUSE's openssh.

why is it so certain?
If you want to use a host_deny_list (like me! there I have listed all
IP numbers that don't have to knock on my ssh_door_bell), you must have
an OpenSSH WITH built-in support for tcp-wrappers.
[WHY doesn't SUSE have this compiled in?]

read on!

1. You need the following packages:
tcpd-devel
pam-devel
(they depend on the version of tcpd and pam!)

2. get openssh-3.9p1-1.src.rpm (for example)

3. configure it, like this:
./configure --prefix=/usr --sysconfdir=/etc/ssh \
  --datadir=/usr/share/openssh --with-pam \
  --with-gnome-askpass --with-tcp-wrappers \
  --with-ipv4-default --libexecdir=/usr/lib/ssh --with-md5-passwords

(=one LINE!)

You'll get something like this:

OpenSSH has been configured with the following options:
          User binaries: /usr/bin
          System binaries: /usr/sbin
          Configuration files: /etc/ssh
          Askpass program: /usr/lib/ssh/ssh-askpass
          Manual pages: /usr/man/manX
          PID file: /var/run
          Privilege separation chroot path: /var/empty
          sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin
          Manpage format: doc
          PAM support: yes
          KerberosV support: no
          Smartcard support: no
          S/KEY support: no
          TCP Wrappers support: yes
          MD5 password support: yes
          IP address in $DISPLAY hack: no
          Translate v4 in v6 hack: yes
          BSD Auth support: no
          Random number source: OpenSSL internal ONLY
          Host: i686-pc-linux-gnu
          Compiler: gcc
          Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized
          Preprocessor flags:
          Linker flags:
          Libraries: -lwrap -lpam -ldl -lresolv -lcrypto -lutil -lz -lnsl -lcrypt

    PAM is enabled. You may need to install a PAM control file
    for sshd, otherwise password authentication may fail.
    Example PAM control files can be found in the contrib/
    subdirectory

4. check with "nm", if there are symbols in openssh
[DTucker told this! thanks!]
nm sshd | grep refuse

You'll get: U refuse

5. then go on with installing YOUR personally compiled package ;-)
make and make install

hope, there's no error
Yours
klaus
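
Added example (not part of the original post): a scripted form of the "nm" check from step 4. It assumes that sshd built with --with-tcp-wrappers imports hosts_access, refuse and request_init from libwrap, and it also handles a stripped binary, where plain "nm" lists no symbols and "nm -D" is needed. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from nm output whether sshd was linked with libwrap.

# libwrap entry points imported by an sshd built --with-tcp-wrappers (assumption).
WRAP_SYMS="hosts_access refuse request_init"

# Constructed sample of `nm sshd` output (addresses and layout are illustrative).
SAMPLE_NM='         U hosts_access
         U refuse
         U request_init
0807c2a0 B allow_severity
08052f10 T main'

# classify_nm: read nm output on stdin and print
#   yes      a libwrap function appears as an undefined (U) import
#   no       symbols are listed, but none of them comes from libwrap
#   unknown  no symbol lines at all (stripped binary or unreadable file)
classify_nm() {
    awk -v syms="$WRAP_SYMS" '
        BEGIN { n = split(syms, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }
        # Symbol lines end in "<one-letter type> <name>"; imports have no address.
        NF >= 2 && length($(NF-1)) == 1 {
            name = $NF
            sub(/@.*/, "", name)      # drop a version suffix such as @GLIBC_2.0
            seen++
            if ($(NF-1) == "U" && (name in want)) hit++
        }
        END { if (hit) print "yes"; else if (seen) print "no"; else print "unknown" }
    '
}

# check_sshd PATH: try the regular symbol table first, then the dynamic one,
# which survives stripping.
check_sshd() {
    result=$(nm "$1" 2>/dev/null | classify_nm)
    if [ "$result" = unknown ]; then
        result=$(nm -D "$1" 2>/dev/null | classify_nm)
    fi
    echo "$result"
}

# Stand-alone use: sh check_wrap.sh /usr/sbin/sshd
if [ "$#" -gt 0 ]; then
    check_sshd "$1"
fi
```

A result of "no" means entries for sshd in the host deny list will be ignored by this binary, so run the check against the installed sshd as well as the one in the build tree.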


