Date: Mon, 17 Apr 2000 09:06:05 -0400
From: Keith Stevenson
To: Kresimir Kumericki
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: sshd and tcp-wrappers
Message-ID: <20000417090605.A2443@osaka.louisville.edu>
References: <20000417122732.A1826@phy.hr> <20000417082136.C95086@osaka.louisville.edu> <20000417150004.A2376@phy.hr>
In-Reply-To: <20000417150004.A2376@phy.hr>; from kkumer@phy.hr on Mon, Apr 17, 2000 at 03:00:04PM +0200

On Mon, Apr 17, 2000 at 03:00:04PM +0200, Kresimir Kumericki wrote:
> On (17 Apr 08:21), Keith Stevenson wrote:
> > The ports version of TCP Wrappers looks for its files in /usr/local/etc.
> [...]
> > The base system version of TCP Wrappers uses the files in /etc.
>
> Uh yes. I should have guessed that. Now I symlinked /etc/hosts.allow
> to /usr/local/etc/hosts.allow and it works fine. Thanks.
> That leaves only the question why is it stated in hosts.allow that
> "wrapping sshd(8) is not normally a good idea."
> Maybe TCP wrappers before worked only with inetd and you don't want
> to start sshd from inetd because of key generation so this is some kind
> of relic from that time or something? Just guessing.

sshd(8) provides its own internal facility for allowing or denying hosts
based upon IP address. Using both the internal facility and TCP Wrappers
would incur additional work on accepted connections.

Personally, I use TCP Wrappers on SSH and disable the internal facility.

Regards,
--Keith Stevenson--

--
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0