Date: Mon, 17 Apr 2000 09:06:05 -0400 From: Keith Stevenson <k.stevenson@louisville.edu> To: Kresimir Kumericki <kkumer@phy.hr> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: sshd and tcp-wrappers Message-ID: <20000417090605.A2443@osaka.louisville.edu> In-Reply-To: <20000417150004.A2376@phy.hr>; from kkumer@phy.hr on Mon, Apr 17, 2000 at 03:00:04PM %2B0200 References: <20000417122732.A1826@phy.hr> <20000417082136.C95086@osaka.louisville.edu> <20000417150004.A2376@phy.hr>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Apr 17, 2000 at 03:00:04PM +0200, Kresimir Kumericki wrote: > On (17 Apr 08:21), Keith Stevenson wrote: > > The ports version of TCP Wrappers looks for its files in /usr/local/etc. > [...] > > The base system version of TCP Wrappers uses the files in /etc. > > Uh yes. I should have guessed that. Now I symlinked /etc/hosts.allow > to /usr/local/etc/hosts.allow and it works fine. Thanks. > That leaves only the question why is it stated in hosts.allow that > "wrapping sshd(8) is not normally a good idea." > Maybe TCP wrappers before worked only with inetd and you don't want > to start sshd from inetd because of key generation so this is some kind > relic from that time or something? Just guessing. sshd(8) provides its own internal facility for allowing or denying hosts based upon IP address. Using both the internal facility and TCP Wrappers would incur additional work on accepted connections. Personally, I use TCP Wrappers on SSH and disable the internal facility. Regards, --Keith Stevenson-- -- Keith Stevenson System Programmer - Data Center Services - University of Louisville k.stevenson@louisville.edu PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000417090605.A2443>