On Thursday 21 June 2001 11:36 am, Raymund dos Remedios wrote:
> To enable tcp wrappers for ssh you will need to include
>
> --with-tcp-wrappers and I believe you will need to have the tcp_wrappers
> package installed so that you would have access to libwrap.a
>
> You will have to run the sshd from the inetd. Which is why if I recall
> someone posted that you run the sshd -i.
>
> It is not a recommended way of running the daemon ...
>
> extract of man page:
>
> "-i Specifies that sshd is being run from inetd. sshd is normally
> not run from inetd because it needs to generate the server key
> before it can respond to the client, and this may take tens of
> seconds. Clients would have to wait too long if the key was
> re� generated every time. However, with small key sizes (e.g., 512) using
> sshd from inetd may be feasible."
>
Apologies all around. This is incorrect. :-( If you build sshd with tcp
wrappers, you can use the hosts.allow, etc... files without having to run the
sshd from the inetd. I believe the standard rpm of openssh from redhat 7.1
already comes with this feature enabled.
> If you run the daemon stand alone and you wish to restrict users who can
> log in using ssh, you can configure the "AllowUsers" , "DenyUsers",
> "AllowGroups" , and/or "DenyUsers" keyword in the sshd_config file. There
> are various other configuration keywords that allow you to configure
> logging levels and address restrictions among other things.
>
You can still use these options though. :-)
> Hope this helps...
>
> Raymund
> _
> Philippine Linux Users Group. Web site and archives at
> http://plug.linux.org.ph To leave: send "unsubscribe" in the body to
> [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
> [EMAIL PROTECTED]
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
