From owner-freebsd-stable Mon Apr 17 5:21:53 2000 Delivered-To: freebsd-stable@freebsd.org Received: from erouter0.it-datacntr.louisville.edu (erouter0.it-datacntr.louisville.edu [136.165.1.36]) by hub.freebsd.org (Postfix) with ESMTP id 4311E37B6E2 for ; Mon, 17 Apr 2000 05:21:51 -0700 (PDT) (envelope-from k.stevenson@louisville.edu) Received: from osaka.louisville.edu (osaka.louisville.edu [136.165.1.114]) by erouter0.it-datacntr.louisville.edu (Postfix) with ESMTP id 5D02524D92; Mon, 17 Apr 2000 08:21:50 -0400 (EDT) Received: by osaka.louisville.edu (Postfix, from userid 15) id 2CD7718616; Mon, 17 Apr 2000 08:21:36 -0400 (EDT) Date: Mon, 17 Apr 2000 08:21:36 -0400 From: Keith Stevenson To: Kresimir Kumericki Cc: freebsd-stable@FreeBSD.ORG Subject: Re: sshd and tcp-wrappers Message-ID: <20000417082136.C95086@osaka.louisville.edu> References: <20000417122732.A1826@phy.hr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <20000417122732.A1826@phy.hr>; from kkumer@phy.hr on Mon, Apr 17, 2000 at 12:27:33PM +0200 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, Apr 17, 2000 at 12:27:33PM +0200, Kresimir Kumericki wrote: > Hi! > I am a bit confused about tcp-wrapping the sshd. On my > 3.4-STABLE machine sshd1 (port) ignores instructions in hosts.allow. > This seemed ok to me since it says in hosts.allow: > > # Wrapping sshd(8) is not normally a good idea > > and I assumed that sshd is not wrapped. Now I see that 'ldd sshd' > gives: libwrap.so.7 => /usr/local/lib/libwrap.so.7 (0x280a4000) > so why doesn't it obey hosts.allow? The ports version of TCP Wrappers looks for its files in /usr/local/etc. > > On the other hand, my new 4.0-STABLE sshd (part of a base system) > is tcp-wrapped by default and obeys hosts.allow, although there still > stands that "wrapping sshd(8) is not normally a good idea." (And > why is it not a good idea?) The base system version of TCP Wrappers uses the files in /etc. Regards, --Keith Stevenson-- -- Keith Stevenson System Programmer - Data Center Services - University of Louisville k.stevenson@louisville.edu PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message