From owner-freebsd-security Wed Mar 15 12:36: 2 2000 Delivered-To: freebsd-security@freebsd.org Received: from smtp.fns.matrix.com.br (smtp.matrix.com.br [200.202.17.7]) by hub.freebsd.org (Postfix) with ESMTP id 45FD037BA4A for ; Wed, 15 Mar 2000 12:35:40 -0800 (PST) (envelope-from camposr@MATRIX.COM.BR) Received: from speed.matrix.com.br (speed.matrix.com.br [200.196.0.241]) by smtp.fns.matrix.com.br (Postfix) with ESMTP id 112495A572; Wed, 15 Mar 2000 17:36:51 -0300 (EST) Date: Wed, 15 Mar 2000 17:35:33 -0300 (EST) From: Rodrigo Campos X-Sender: speed@speed.matrix.com.br To: Sheldon Hearn Cc: freebsd-security@freebsd.org Subject: Re: wrapping sshd In-Reply-To: <59327.953151264@axl.ops.uunet.co.za> Message-ID: Organization: Matrix Network MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 15 Mar 2000, Sheldon Hearn wrote: > > > On Wed, 15 Mar 2000 16:29:48 -0300, Rodrigo Campos wrote: > > > In the /etc/hosts.allow file there's a comment saying that "is not > > normally a good idea" to wrapp sshd(8) > > The answer has nothing to do with secrurity, although you couldn't have > known that without reading the sshd(8) manual page. :-) > > Look for the first occurance of the word inetd in the sshd(8) manual > page. But my question has nothing to do with inetd, by "wrapping sshd" I mean compiling it with support to libwrap, wich would make it read the /etc/hosts.allow file in order to grant or deny access based on the client hostname or ip address, even when it's running as a daemon. -- ________________________ Rodrigo Albani de Campos Matrix Internet - NOC http://www.br-unix.org/users/campos/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message