Date: Wed, 07 May 2003 08:42:08 -0700
From: "Michael K. Smith" <mksmith@noanet.net>
To: Dan Nelson <dnelson@allantgroup.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Where is tcpd?
Message-ID: <BADE7760.104FF%mksmith@noanet.net>
In-Reply-To: <20030507153632.GJ63345@dan.emsphone.com>

On 5/7/03 8:36 AM, "Dan Nelson" <dnelson@allantgroup.com> wrote:

> In the last episode (May 07), Michael K. Smith said:
>> I would like to use TCP Wrappers for ssh connections to a box, and
>> all of the literature regarding the inetd.conf configuration
>> references /usr/sbin/tcpd.  I have been unable to find tcpd anywhere
>> on the system.  Is there another way to reference the required files
>> in inetd.conf?
>
> Hm?  This is the only place tcpd is mentioned in the inetd.conf
> manpage, and I think it answers your question pretty well.
>
> IMPLEMENTATION NOTES
>
>    TCP Wrappers
>      When given the -w option, inetd will wrap all services specified
>      as ``stream nowait'' or ``dgram'' except for ``internal''
>      services.  If the -W option is given, such ``internal'' services
>      will be wrapped.  If both options are given, wrapping for both
>      internal and external services will be enabled.  Either wrapping
>      option will cause failed connections to be logged to the ``auth''
>      syslog facility.  Adding the -l flag to the wrapping options will
>      include successful connections in the logging to the ``auth''
>      facility.
>
>      Note that inetd only wraps requests for a ``wait'' service while
>      no servers are available to service requests.  Once a connection
>      to such a service has been allowed, inetd has no control over
>      subsequent connections to the service until no more servers are
>      left listening for connection requests.
>
>      When wrapping is enabled, the tcpd daemon is not required, as that
>      functionality is builtin.  For more information on TCP Wrappers,
>      see the relevant documentation (hosts_access(5)).  When reading
>      that document, keep in mind that ``internal'' services have no
>      associated daemon name.  Therefore, the service name as specified
>      in inetd.conf should be used as the daemon name for ``internal''
>      services.
>

Then I must have a misconfiguration somewhere.

Here's what my inetd.conf entry looks like:

    ssh stream tcp nowait root /usr/sbin/sshd sshd -I

And here is my inetd process:

    root 16368 0.0 0.3 1076 812 ?? Is 7:50AM 0:00.01 /usr/sbin/inetd -wW

And my /etc/hosts.allow entry:

    sshd : .noanet.net

But, when I run tcpdchk, I get:

    warning: /etc/hosts.allow, line 23: sshd: service possibly not wrapped

Any ideas?

Mike

-- 
Michael K. Smith
NoaNet
206.219.7116 (work)
206.579.8360 (cell)
mksmith@noanet.net
http://www.noanet.net
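
The wrapping rules in the quoted inetd(8) excerpt, applied to inetd.conf entries, as an added example that is not part of the original message or of FreeBSD's code. It assumes that for external services the daemon name is the basename of the server program path (the excerpt states the naming rule only for ``internal'' services); `wrapped_services` is a hypothetical helper, and every sample line except the ssh entry is constructed.

```python
import os

# First line is the entry quoted in the message; the others are constructed samples.
SAMPLE_INETD_CONF = """\
ssh      stream tcp nowait root    /usr/sbin/sshd            sshd -I
daytime  stream tcp nowait root    internal
ntalk    dgram  udp wait   tty:tty /usr/libexec/ntalkd       ntalkd
exampled stream tcp wait   root    /usr/local/sbin/exampled  exampled
#ftp     stream tcp nowait root    /usr/libexec/ftpd         ftpd -l
"""


def wrapped_services(inetd_flags, inetd_conf):
    """Return (service, proto, wrapped, daemon_name) for each active entry."""
    # Collect single-letter options from a flag string such as "-wW" or "-w -l".
    opts = "".join(w[1:] for w in inetd_flags.split() if w.startswith("-"))
    wrap_external = "w" in opts   # -w: external ``stream nowait'' and ``dgram''
    wrap_internal = "W" in opts   # -W: ``internal'' services
    rows = []
    for raw in inetd_conf.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments
        if len(fields) < 6:
            continue
        service, socktype, proto, wait, _user, server = fields[:6]
        wait = wait.split("/", 1)[0]            # drop limits such as nowait/10
        if server == "internal":
            wrapped = wrap_internal
            daemon = service                    # rule stated in the excerpt
        else:
            wrapped = wrap_external and (
                socktype == "dgram"
                or (socktype == "stream" and wait == "nowait"))
            daemon = os.path.basename(server)   # assumption, see lead-in
        rows.append((service, proto, wrapped, daemon))
    return rows


if __name__ == "__main__":
    for service, proto, wrapped, daemon in wrapped_services("-wW", SAMPLE_INETD_CONF):
        state = "wrapped" if wrapped else "NOT wrapped"
        print(f"{service}/{proto}: {state}; hosts.allow daemon name: {daemon}")
```

For the configuration in the message (inetd -wW), it reports the ssh entry as wrapped by inetd itself under the daemon name sshd.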