Re: [expert] msec level 4

2003-10-26 Thread Bill Mullen
On Sun, 26 Oct 2003, Michael Holt wrote:

> I've got another msec question.  I was working on a different
> computer on my lan and hadn't put its id in my hosts file on my
> server yet.  I was lazy and didn't feel like getting on a system
> which had access (for ssh that is) so I was trying different toys
> to see which had access.  I couldn't get on user accounts using
> ftp, or ssh, etc, but then I tried telnet and got right in.  I
> thought, 'hmm, that's odd...'

I don't run telnet (naturally), but I'd guess that access to it is
probably controlled by xinetd, rather than by /etc/hosts.allow. If that's
the case, you'll have an /etc/xinetd.d/telnet[d] file where this sort of
thing can be configured. After you've made any changes to that file, the
xinetd service would need to be restarted, for those changes to "take".

> I'm also able to get in using my domain name - which I'm not able
> to do using ssh.  I'm confused; why can I telnet get right in but
> ssh is blocked?  I know the obvious answer - remove telnet from
> the server - but I would like more information about this before
> removing the symptom.

I usually need to add a line like this to /etc/hosts.allow:

sshd : ALL

Or, alternatively, to limit access to only coming from the LAN:

sshd : 192.168.0.

Note the trailing dot. That syntax translates to "192.168.0.*".

Be sure to "urpme telnet-server" sometime soon, though! ;)

HTH!

-- 
Bill Mullen   [EMAIL PROTECTED]   MA, USA   RLU #270075   MDK 8.1 & 9.0
"Microsoft has a new version out, Windows XP, which according to every-
body is the 'most reliable Windows ever.' To me, this is like saying that
asparagus is 'the most articulate vegetable ever.'" -- Dave Barry

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com


Re: [expert] msec level 4

2003-10-26 Thread Bryan Phinney
On Sunday 26 October 2003 09:33 am, Michael Holt wrote:
> Good morning,
> I've got another msec question.  I was working on a different
> computer on my lan and hadn't put its id in my hosts file on my
> server yet.  I was lazy and didn't feel like getting on a system
> which had access (for ssh that is) so I was trying different toys
> to see which had access.  I couldn't get on user accounts using
> ftp, or ssh, etc, but then I tried telnet and got right in.  I
> thought, 'hmm, that's odd...'
> I'm also able to get in using my domain name - which I'm not able
> to do using ssh.  I'm confused; why can I telnet get right in but
> ssh is blocked?  I know the obvious answer - remove telnet from
> the server - but I would like more information about this before
> removing the symptom.

I would guess that something is either not configured correctly, you have 
installed some software that has changed the default settings, or you are 
hitting a different machine than you think you are hitting.  I have tried 
this on my web server which is also set to msec level 4 and it does NOT work.  
Telnet connections are refused, just like SSH was initially until I opened 
that up using hosts.allow.

It is possible that you have altered your hosts.deny file and the cron job 
that is supposed to change it back simply hasn't run yet, but it should get 
around to it.  However, default at msec level 4 is to create a hosts.deny 
file that denies all.  Until you explicitly allow connections in hosts.allow 
or remove hosts.deny, it should be refusing all connections.
-- 
Bryan Phinney
Software Test Engineer
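
An added example, not part of the original thread: a small Python model of the hosts.allow / hosts.deny lookup order discussed in the two replies above, covering only `ALL`, exact addresses and the trailing-dot prefix form. The deny-all line, the client addresses and all function names are constructed for illustration.

```python
# Added illustration: a simplified subset of hosts_access(5) matching.
# Supported client patterns: ALL, exact address, trailing-dot address prefix.

ALLOW_LAN = "sshd : 192.168.0."   # the line quoted in the thread
DENY_ALL = "ALL : ALL"            # constructed stand-in for a deny-all hosts.deny


def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # "192.168.0." behaves like 192.168.0.*
        return addr.startswith(pattern)
    return addr == pattern             # no trailing dot: exact match only


def rule_hit(text, daemon, addr):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, addr) for p in clients)
               for daemons, clients in parse_rules(text))


def access(allow_text, deny_text, daemon, addr):
    """hosts.allow is consulted first, then hosts.deny; no match means granted."""
    if rule_hit(allow_text, daemon, addr):
        return "granted"
    if rule_hit(deny_text, daemon, addr):
        return "denied"
    return "granted"


if __name__ == "__main__":
    for allow in ("", ALLOW_LAN, "sshd : 192.168.0"):
        for addr in ("192.168.0.57", "192.168.10.57"):   # constructed addresses
            print(repr(allow), addr, access(allow, DENY_ALL, "sshd", addr))
```

With an empty hosts.allow everything is denied; the trailing-dot line admits only 192.168.0.x, and the same line without the dot admits nothing because it is compared as a full address.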




Re: [expert] msec level 4

2003-10-26 Thread Michael Holt
Bill Mullen mused:

> I don't run telnet (naturally), but I'd guess that access to it is
> probably controlled by xinetd, rather than by /etc/hosts.allow. If that's
> the case, you'll have an /etc/xinetd.d/telnet[d] file where this sort of
> thing can be configured. After you've made any changes to that file, the
> xinetd service would need to be restarted, for those changes to "take".

Actually, I was just playing with my linux box earlier and found
that I can indeed ssh into the server.  When I had the trouble, I
had been running Windows 2000 from the same box.

Some background...

I have several small hdd's that a friend gave me (4G) which I use
to configure different systems on so that I can get familiar with
them.  I loaded win2k on such a drive and put it in a pull out bay
and booted the system.  I just used the same static ip that the
regular system uses 'cause I didn't want to add another host to my
server.  This was fine except that the machine name was different.
I added that to the hosts file on the server.  Anyway, I assume
that my original problem must have been that I didn't identify the
Windows box the same as the linux box (ip, machine name, fqdn).

As far as the telnet-server - done ;)  I actually hadn't realized
that I had the server part installed -- doh!

> Be sure to "urpme telnet-server" sometime soon, though! ;)
>
> HTH!

Yes!  It does!  Thanks

-- 
Michael Holt
Snohomish, WA
[EMAIL PROTECTED]
www.holt-tech.net
www.mandrake.com
"For we are God's workmanship, created in Christ Jesus to do good
works, which God prepared in advance for us to do."  Eph. 2:10



Re: [expert] msec level 4

2003-10-26 Thread Michael Holt
Bryan Phinney mused:

> I would guess that something is either not configured correctly, you have
> installed some software that has changed the default settings, or you are
> hitting a different machine than you think you are hitting.  I have tried
> this on my web server which is also set to msec level 4 and it does NOT work.
> Telnet connections are refused, just like SSH was initially until I opened
> that up using hosts.allow.
>
> It is possible that you have altered your hosts.deny file and the cron job
> that is supposed to change it back simply hasn't run yet, but it should get
> around to it.  However, default at msec level 4 is to create a hosts.deny
> file that denies all.  Until you explicitly allow connections in hosts.allow
> or remove hosts.deny, it should be refusing all connections.
> --
> Bryan Phinney
> Software Test Engineer

Hmm...
I'm going to have to do some more playing around.  I'll let you
know what I broke ;)

-- 
Michael Holt
Snohomish, WA
[EMAIL PROTECTED]
www.holt-tech.net
www.mandrake.com
"For we are God's workmanship, created in Christ Jesus to do good
works, which God prepared in advance for us to do."  Eph. 2:10
