From owner-freebsd-stable Mon Apr 17 3:28:43 2000 Delivered-To: freebsd-stable@freebsd.org Received: from macbeth.phy.hr (macbeth.phy.hr [161.53.7.201]) by hub.freebsd.org (Postfix) with ESMTP id 0FA7E37B739 for ; Mon, 17 Apr 2000 03:28:21 -0700 (PDT) (envelope-from kkumer@macbeth.phy.hr) Received: (from kkumer@localhost) by macbeth.phy.hr (8.9.3/8.9.3) id MAA01863 for freebsd-stable@FreeBSD.ORG; Mon, 17 Apr 2000 12:27:33 +0200 (CEST) (envelope-from kkumer) Date: Mon, 17 Apr 2000 12:27:33 +0200 From: Kresimir Kumericki To: freebsd-stable@FreeBSD.ORG Subject: sshd and tcp-wrappers Message-ID: <20000417122732.A1826@phy.hr> Reply-To: kkumer@phy.hr Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi! I am a bit confused about tcp-wrapping the sshd. On my 3.4-STABLE machine sshd1 (port) ignores instructions in hosts.allow. This seemed ok to me since it says in hosts.allow: # Wrapping sshd(8) is not normally a good idea and I assumed that sshd is not wrapped. Now I see that 'ldd sshd' gives: libwrap.so.7 => /usr/local/lib/libwrap.so.7 (0x280a4000) so why doesn't it obey hosts.allow? On the other hand, my new 4.0-STABLE sshd (part of a base system) is tcp-wrapped by default and obeys hosts.allow, although there still stands that "wrapping sshd(8) is not normally a good idea." (And why is it not a good idea?) Could somebody clarify this situation? -- ------------------------------------------------------------- Kresimir Kumericki kkumer@phy.hr http://www.phy.hr/~kkumer/ Theoretical Physics Department, University of Zagreb, Croatia ------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message