Date: Wed, 07 May 2003 08:42:08 -0700
From: "Michael K. Smith"
To: Dan Nelson
cc: FreeBSD Questions
Subject: Re: Where is tcpd?
In-Reply-To: <20030507153632.GJ63345@dan.emsphone.com>

On 5/7/03 8:36 AM, "Dan Nelson" wrote:

> In the last episode (May 07), Michael K. Smith said:
>> I would like to use TCP Wrappers for ssh connections to a box, and
>> all of the literature regarding the inetd.conf configuration
>> references /usr/sbin/tcpd. I have been unable to find tcpd anywhere
>> on the system. Is there another way to reference the required files
>> in inetd.conf?
>
> Hm? This is the only place tcpd is mentioned in the inetd.conf
> manpage, and I think it answers your question pretty well.
>
> IMPLEMENTATION NOTES
>
>    TCP Wrappers
>      When given the -w option, inetd will wrap all services specified
>      as ``stream nowait'' or ``dgram'' except for ``internal''
>      services. If the -W option is given, such ``internal'' services
>      will be wrapped. If both options are given, wrapping for both
>      internal and external services will be enabled. Either wrapping
>      option will cause failed connections to be logged to the ``auth''
>      syslog facility. Adding the -l flag to the wrapping options will
>      include successful connections in the logging to the ``auth''
>      facility.
>
>      Note that inetd only wraps requests for a ``wait'' service while
>      no servers are available to service requests. Once a connection
>      to such a service has been allowed, inetd has no control over
>      subsequent connections to the service until no more servers are
>      left listening for connection requests.
>
>      When wrapping is enabled, the tcpd daemon is not required, as that
>      functionality is builtin. For more information on TCP Wrappers,
>      see the relevant documentation (hosts_access(5)). When reading
>      that document, keep in mind that ``internal'' services have no
>      associated daemon name. Therefore, the service name as specified
>      in inetd.conf should be used as the daemon name for ``internal''
>      services.
>

Then I must have a misconfiguration somewhere. Here's what my inetd.conf
entry looks like:

ssh stream tcp nowait root /usr/sbin/sshd sshd -I

And here is my inetd process:

root 16368 0.0 0.3 1076 812 ?? Is 7:50AM 0:00.01 /usr/sbin/inetd -wW

And my /etc/hosts.allow entry:

sshd : .noanet.net

But, when I run tcpdchk, I get:

warning: /etc/hosts.allow, line 23: sshd: service possibly not wrapped

Any ideas?

Mike

--
Michael K. Smith
NoaNet
206.219.7116 (work)
206.579.8360 (cell)
mksmith@noanet.net
http://www.noanet.net
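
The wrapping rules from the quoted manual text, applied to an inetd.conf and an inetd command line, as an added example that is not part of the original message or of FreeBSD's own code. The `demo`/`demod` entry is hypothetical, and using the basename of the server program as the daemon name for external services is an assumption; the quoted text only defines the name for ``internal'' services.

```python
import os

# Constructed sample: the ssh entry and the inetd command line are taken from
# the message above; the daytime and demo entries are made up for contrast.
INETD_CONF = """\
# service socktype proto wait user server args
ssh      stream  tcp  nowait  root  /usr/sbin/sshd         sshd -I
daytime  stream  tcp  nowait  root  internal
demo     stream  tcp  wait    root  /usr/local/sbin/demod  demod
"""
INETD_CMD = "/usr/sbin/inetd -wW"

def wrap_flags(cmdline):
    """Collect single-letter flags from an inetd command line.
    Simplification: assumes no option argument is glued to its flag."""
    flags = set()
    for tok in cmdline.split()[1:]:
        if tok.startswith("-"):
            flags.update(tok[1:])
    return flags

def parse_conf(text):
    """Return one dict per inetd.conf entry, skipping comments and blanks."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0].startswith("#"):
            continue
        entries.append({"service": f[0], "socktype": f[1],
                        "wait": f[3].split("/")[0],  # drop any /max-child suffix
                        "server": f[5]})
    return entries

def is_wrapped(e, flags):
    """-W covers internal services; -w covers external 'stream nowait' and 'dgram'."""
    if e["server"] == "internal":
        return "W" in flags
    eligible = e["socktype"] == "dgram" or (
        e["socktype"] == "stream" and e["wait"] == "nowait")
    return eligible and "w" in flags

def daemon_name(e):
    """Name to match in hosts.allow: the service name for internal services,
    otherwise (assumption) the basename of the server program."""
    return e["service"] if e["server"] == "internal" else os.path.basename(e["server"])

def report(conf_text, cmdline):
    flags = wrap_flags(cmdline)
    return {daemon_name(e): is_wrapped(e, flags) for e in parse_conf(conf_text)}

if __name__ == "__main__":
    for name, wrapped in report(INETD_CONF, INETD_CMD).items():
        print(f"{name:10s} {'wrapped' if wrapped else 'NOT wrapped'}")
```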