Date:      Fri, 24 Sep 2004 08:22:12 -0500
From:      Derek Ragona <derek@computinginnovations.com>
To:        terry@mrtux.co.uk, freebsd-security@freebsd.org
Subject:   Re:sshd security
Message-ID:  <6.0.0.22.2.20040924082209.01f44ae0@mail.computinginnovations.com>

I tried to implement a similar scheme in my hosts.allow on a FreeBSD 5.2.1 
server.  But when I try to test it from an IP outside my LAN, it still 
allows ssh logins.  I even put in a line in hosts.allow to explicitly deny 
the IP I was ssh'ing from, but it still let me in.  The behavior gives the 
appearance that TCP wrappers are not enabled, and thus the /etc/hosts.allow 
file is ignored.

Is there something I need to do to enable the wrappers in sshd?  I saw that 
there is a compile option for the portable source from openssh.org, so I 
wonder if there is some compile option that needs to be enabled in make.conf?

I have gone through the documentation for sshd_config, sshd, make.conf, 
etc. but am not finding anything to change.

         -Derek



At 07:37 AM 9/19/2004, Terry wrote:
>I had the same problem so I set up hosts.allow to only allow access from 
>certain IPs I require.
>This has the effect of killing the connection from any other IP before 
>getting to any login prompt.
>example below
>sshd : localhost : allow
>sshd : 192.168.2. : allow
>sshd : 82.41.115.213 :allow
>sshd : 216.123.248.219 : allow  <-- public IP I wish to allow; of course I 
>have changed it
>sshd : all : deny
>
>This then shows in log instead of failed login attempts
>
>dot.blah.co.uk refused connections:
>Sep 17 22:11:55 dlt sshd[35669]: refused connect from 
>usen-219x113x213x21.ap-US.usen.ad.jp (219.113.213.21)
>
>Regards Terry



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.0.22.2.20040924082209.01f44ae0>
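
Added example, not part of either message: a minimal Python model of how the extended hosts.allow syntax in Terry's reply is evaluated (the first matching rule decides), run over his rule list and over the same list with a constructed catch-all allow line placed first. It handles only the pattern forms used in the thread (exact IPv4 address, trailing-dot prefix, all, and localhost treated as loopback); the catch-all line and the function names are assumptions for illustration, not something the thread reports.

```python
import ipaddress

# Terry's rules from the quoted message, with his inline annotation removed.
TERRY_RULES = """\
sshd : localhost : allow
sshd : 192.168.2. : allow
sshd : 82.41.115.213 : allow
sshd : 216.123.248.219 : allow
sshd : all : deny
"""

def parse_rules(text):
    """Parse 'daemons : clients : option' lines (IPv4 patterns only)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 3:
            continue  # blank line, comment, or a form this model does not cover
        daemons = fields[0].replace(",", " ").lower().split()
        clients = fields[1].replace(",", " ").lower().split()
        rules.append((daemons, clients, fields[-1].lower(), line))
    return rules

def client_matches(pattern, ip):
    if pattern == "all":
        return True
    if pattern == "localhost":
        # Simplification: the real library matches the resolved host name.
        return ipaddress.ip_address(ip).is_loopback
    if pattern.endswith("."):
        return ip.startswith(pattern)  # "192.168.2." covers 192.168.2.x
    return pattern == ip

def decide(rules, daemon, ip):
    """Return (action, matching_line); the first matching rule wins."""
    for daemons, clients, action, line in rules:
        if daemon not in daemons and "all" not in daemons:
            continue
        if any(client_matches(c, ip) for c in clients):
            return action, line
    return "allow", None  # nothing matched (hosts.deny is not modelled)

if __name__ == "__main__":
    outside = "219.113.213.21"  # the refused client in Terry's log excerpt
    print(decide(parse_rules(TERRY_RULES), "sshd", outside))
    # Constructed case: a catch-all allow line ahead of the sshd rules.
    shadowed = parse_rules("ALL : ALL : allow\n" + TERRY_RULES)
    print(decide(shadowed, "sshd", outside))
```

With Terry's rules alone the outside address is denied by the final line; with the constructed catch-all first, every later sshd rule, including an explicit deny, is never reached.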