Date:      Fri, 24 Sep 2004 16:03:04 -0500 (EST)
From:      Chris Orr <chris@manual-override.net>
To:        freebsd-security@freebsd.org
Subject:   Re: ssh security
Message-ID:  <20040924160019.K77746@manual-override.net>
In-Reply-To: <415488AB.2060803@mrtux.co.uk>
References:  <20040923120103.5DD3116A517@hub.freebsd.org> <415488AB.2060803@mrtux.co.uk>

When you build OpenSSH, you need to be sure to add the --with-tcp-wrappers
argument when you run the configure script.

ex: ./configure --with-ssl-dir=../openssl --with-pam --with-tcp-wrappers

Hopefully this points you in the right direction.

-chris




On Fri, 24 Sep 2004, Terry wrote:

> Derek Ragona wrote:
>
>
> >> I tried to implement a similar scheme in my hosts.allow on a FreeBSD
> >> 5.2.1 server.  But when I try to test it from an IP outside my LAN, it
> >> still allows ssh logins.  I even put in a line in hosts.allow to
> >> explicitly deny the IP I was ssh'ing from, but it still let me in.
> >> The behavior gives the appearance that TCP wrappers are not enabled,
> >> and thus the /etc/hosts.allow file is ignored.
> >>
> >> Is there something I need to do to enable the wrappers in sshd?  I saw
> >> that there is a compile option for the portable source from
> >> openssh.org, so I wonder if there is some compile option that needs to
> >> be enabled in make.conf?
> >>
> >> I have gone through the documentation for sshd_config, sshd,
> >> make.conf, etc. but am not finding anything to change.
> >>
> >>         -Derek
> >>
> >>
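
Two checks for the symptom described in this thread, as an added example that is not part of the original messages: whether an sshd binary is linked against libwrap, and which hosts.allow rule matches first (TCP wrappers stop at the first matching rule). The function names, the /usr/sbin/sshd path in the usage comment and the sample rules are assumptions; the matcher is simplified to ALL, exact IPv4 addresses and trailing-dot prefixes.

```sh
#!/bin/sh
# Added example, not code from the thread. All function names are hypothetical.

# Succeeds if ldd-style output on stdin lists libwrap, i.e. the binary was
# linked with TCP wrappers support (what --with-tcp-wrappers enables).
# Usage (path is an assumption): ldd /usr/sbin/sshd | has_libwrap && echo linked
has_libwrap() {
    grep -q 'libwrap\.so'
}

# Print the action (allow/deny) of the FIRST rule in a hosts.allow-style file
# ($1) matching daemon $2 and client IPv4 address $3, or "none" if no rule
# matches. A rule with no option field counts as allow.
first_match() {
    awk -v d="$2" -v ip="$3" '
        function hit(list, want,    n, i, p, a) {
            n = split(list, a, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                p = a[i]
                if (p == "") continue
                if (p == "ALL" || p == want) return 1
                if (p ~ /\.$/ && index(want, p) == 1) return 1
            }
            return 0
        }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            n = split($0, f, /[ \t]*:[ \t]*/)
            if (n < 2 || !hit(f[1], d) || !hit(f[2], ip)) next
            act = (n >= 3) ? f[n] : "allow"
            gsub(/[ \t]/, "", act)
            print act; found = 1; exit
        }
        END { if (!found) print "none" }
    ' "$1"
}

# Constructed sample: a catch-all allow line placed before a specific deny,
# so the deny rule is never reached.
sample_rules() {
    cat <<'EOF'
# constructed sample, not from the thread
ALL : ALL : allow
sshd : 203.0.113.9 : deny
EOF
}
```

With the constructed sample, `first_match` reports `allow` for 203.0.113.9 even though a deny line names that address, because the earlier catch-all rule matches first.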


