To get it to use tcp wrappers, make sure that the service name in
/etc/hosts.allow|deny matches the name of the executable you're using. If
the server is launched as "sshd2" then the service name in
/etc/hosts.allow and /etc/hosts.deny must be "sshd2". Likewise if the
executable is launched as "sshd"... The same thing goes for tcpdmatch --
make sure the service name matches the executable name, e.g. "tcpdmatch
sshd2 my.example.com"

You don't have to launch sshd via inetd to have it use the libwrap. Just
compile in libwrap support, add it to the hosts files, and there ya go. In
fact, it's recommended to not use sshd via inetd because of the extreme
performance penalty.

--
Gregor Mosheh
[EMAIL PROTECTED]
On-Site Systems Admin, Humboldt Internet
707.825.4638


On Sat, 16 Oct 1999, Phil Hurvitz wrote:

> I'm interested in using ssh with tcp wrappers.  I've successfully compiled
> tcp wrappers and configured, confirmed that services like finger and
> telnet are using the wrappers.  I recompiled ssh1 & 2, verified ssh1
> compatibility, but I'm now stumped.
> 
> My question is: do I then kill the normally running sshd process
> (originally set to start with /etc/init.d), and run sshd as an inetd
> process?
> 
> Here's my line from inetd.conf:
> 
>    ssh stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/sshd
> 
> and my test hosts.allow file (call my machine "myhost")
> 
>    ssh: myhost
> 
> But I get this:
> 
> server# ./tcpdchk
> warning: /etc/hosts.allow, line 1: ssh: no such process name in
> /etc/inet/inetd.conf
> 
> and
> 
> myhost# ssh highlead
> FATAL: Connecting to highlead failed: Connection Refused
> 
> 
> -P.
> 
> ******************************************************************************
> Phil Hurvitz, MFR | GIS Specialist | College of Forest Resources | 355 Bloedel
> Box 352100 | University of Washington, Seattle, Washington  98195-2100, USA
>  tel: 206.685.8179 | FAX: 206.685.3091 | e-mail: [EMAIL PROTECTED] 
>              WWW: http://lobo.cfr.washington.edu/phurvitz/
> ******************************************************************************
> 
> 
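An added example, not part of the original thread: a small Python check that lists which hosts.allow or hosts.deny rules actually name the daemon you are running, matching on the executable's basename as the reply describes. The function names and the sample file contents are constructed for illustration.

```python
import os
import re

# Constructed sample in hosts_access(5) syntax; line 2 is the entry from the question.
SAMPLE = """# constructed example
ssh: myhost
sshd2, in.telnetd : \\
    myhost
ALL EXCEPT sshd : localhost
"""

def logical_lines(text):
    """Yield (first_line_no, rule), skipping comments and joining backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if not buf and raw.lstrip().startswith("#"):
            continue
        start = start or n
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        buf += raw
        if buf.strip():
            yield start, buf.strip()
        buf, start = "", None

def daemon_matches(tokens, name):
    """Evaluate a daemon_list, including the EXCEPT operator, against a process name."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return daemon_matches(tokens[:i], name) and not daemon_matches(tokens[i + 1:], name)
    # daemon@host entries are compared on the daemon part; exact comparison is a simplification
    return any(t.split("@", 1)[0] in ("ALL", name) for t in tokens)

def rules_for(executable, hosts_text):
    """Return [(line_no, rule)] whose daemon_list covers basename(executable)."""
    name = os.path.basename(executable)
    hits = []
    for n, rule in logical_lines(hosts_text):
        daemons, sep, _ = rule.partition(":")
        if sep and daemon_matches(re.split(r"[\s,]+", daemons.strip()), name):
            hits.append((n, rule))
    return hits

if __name__ == "__main__":
    for exe in ("/usr/local/sbin/sshd", "/usr/local/sbin/sshd2"):
        print(exe, "->", rules_for(exe, SAMPLE) or "no rule names this daemon")
```

An empty result for the running executable means no rule in that file refers to it, which is the situation the "ssh: myhost" entry produces for a binary named sshd.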
