From owner-freebsd-questions@FreeBSD.ORG  Mon Mar 20 04:05:08 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A469F16A400
	for <freebsd-questions@freebsd.org>;
	Mon, 20 Mar 2006 04:05:08 +0000 (UTC) (envelope-from on@cs.ait.ac.th)
Received: from mail.cs.ait.ac.th (mail.cs.ait.ac.th [192.41.170.16])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B0B0243D45
	for <freebsd-questions@freebsd.org>;
	Mon, 20 Mar 2006 04:05:07 +0000 (GMT) (envelope-from on@cs.ait.ac.th)
Received: from banyan.cs.ait.ac.th (banyan.cs.ait.ac.th [192.41.170.5])
	by mail.cs.ait.ac.th (8.13.1/8.12.11) with ESMTP id k2K44xEu058756
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Mon, 20 Mar 2006 11:04:59 +0700 (ICT)
Received: (from on@localhost)
	by banyan.cs.ait.ac.th (8.13.3/8.12.11) id k2K44vK8063137;
	Mon, 20 Mar 2006 11:04:57 +0700 (ICT)
Date: Mon, 20 Mar 2006 11:04:57 +0700 (ICT)
Message-Id: <200603200404.k2K44vK8063137@banyan.cs.ait.ac.th>
From: Olivier Nicole <on@cs.ait.ac.th>
To: wsantee@gmail.com
In-reply-to: <441D9897.7050409@gmail.com> (message from Wes Santee on Sun, 19
	Mar 2006 09:44:55 -0800)
References: <441CA1F9.20301@chrismaness.com>	<5ceb5d550603190128q5f3e46c3o84e4b45236df0883@mail.gmail.com>	<441D71FE.2070003@chrismaness.com>	<200603191032.21530.gerard@seibercom.net>
	<441D8695.2000005@orchid.homeunix.org> <441D9897.7050409@gmail.com>
X-Virus-Scanned: on CSIM by amavisd-milter (http://www.amavis.org/)
Cc: freebsd@orchid.homeunix.org, freebsd-questions@freebsd.org
Subject: Re: hosts.allow ?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Mar 2006 04:05:08 -0000

> I'm not sure this is correct.  If you read sshd(8), you'll see in the
> FILES section that sshd will read /etc/hosts.allow and /etc/hosts.deny
> on its own (i.e. it's compiled/linked with libwrap).  Looking at
> /usr/src/crypto/openssh/Makefile.in for the sshd target verifies this.

That and sshd will re-read the file at each new connection or as soon
as the file is changed. You don't need any signal/restarting of sshd
to make the new wrapping policy effective.

Olivier