[olug] wrapping sshd on Debian
Christopher Cashell
topher-olug at zyp.org
Fri Jan 5 19:25:01 UTC 2007
At Thu, 04 Jan 07, Unidentified Flying Banana nealr, said:
> What does one have to do to make sshd honor /etc/hosts.allow on
> Debian(Knoppix)??? I suppose this is something stupid I'll find right
> after I hit send but for the moment I am scratching my head.
I don't havve a Knoppix system handy, but I know for stock Debian (and
Ubuntu) ssh is linked to tcp wrapper.
Per the hosts_allow(5) man page:
The access control software consults two files. The search stops at
the first match:
o Access will be granted when a (daemon,client) pair matches an
entry in the /etc/hosts.allow file.
o Otherwise, access will be denied when a (daemon,client) pair
matches an entry in the /etc/hosts.deny file.
o Otherwise, access will be granted.
So, as Phil said, I would check to make sure that /etc/hosts.deny is
properly denying everyone (except those hosts already allowed through
via /etc/hosts.allow). If that's missing or otherwise not catching,
then it's going to default to allowing.
--
| Christopher
+------------------------------------------------+
| Here I stand. I can do no other. |
+------------------------------------------------+
More information about the OLUG
mailing list