Date: Sun, 26 Sep 2004 06:38:33 +1000 From: Peter Jeremy <PeterJeremy@optushome.com.au> To: Derek Ragona <derek@computinginnovations.com> Cc: freebsd-security@freebsd.org Subject: Re: sshd security Message-ID: <20040925203833.GG83620@cirb503493.alcatel.com.au> In-Reply-To: <6.0.0.22.2.20040924082209.01f44ae0@mail.computinginnovations.com> References: <6.0.0.22.2.20040924082209.01f44ae0@mail.computinginnovations.com>
index | next in thread | previous in thread | raw e-mail
On Fri, 2004-Sep-24 08:22:12 -0500, Derek Ragona wrote:
>I tried to implement a similar scheme in my hosts.allow on a FreeBSD 5.2.1
>server. But when I try to test it from an IP outside my LAN, it still
>allows ssh logins. I even put in a line in hosts.allow to explicitly deny
>the IP I was ssh'ing from, but it still let me in. The behavior gives the
>appearance that TCP wrappers are not enabled, and thus the /etc/hosts.allow
>file is ignored.
>
>Is there something I need to do to enable the wrappers in sshd? I saw that
>there is a compile option for the portable source from openssh.org, so I
>wonder if there is some compile option that needs to be enabled in
>make.conf?
Depending on how TCP wrappers are integrated into SSH, one possibility
is that you need /var/empty/etc/hosts.{allow,deny}
--
Peter Jeremy
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040925203833.GG83620>