tcp_wrappers DO work from a standalone daemon
Did you ./configure SSH with --with-libwrap=PATH option? Set PATH to the
directory that contains the libwrap.a file.
Also, make sure that the entry name in hosts.allow/deny matches the name
of the binary as it's called, e.g. If you're running the daemon as sshd2"
then the hosts.allow/deny entries should reference "sshd2" as the service
name.
--
Gregor Mosheh
[EMAIL PROTECTED]
Systems Admin, Humboldt Internet
707.825.4638
On Tue, 16 May 2000, Jim Ennis wrote:
> Hello,
>
> I have installed tcp_wrappers on a Solaris 7 box and I have installed ssh
> with the with-libwrap option. I can't seem to get ssh to check the
> hosts.allow and host.deny files to prevent me from connecting from a
> non-authorized segment. As far as I can tell, sshd2 is not using any of
> the wrappers support.
>
> Will wrappers support work when the program is run as a stand alone
> daemon (not run from inetd)?
>
> I have checked the sshd2 binary and the hosts information seems to be in
> the binary (using the strings command).
>
> My /etc/hosts.allow file looks like:
>
> sshd2: 132.170.249.* : allow
>
> My /etc/hosts.deny file looks like:
>
> sshd2: ALL: (/local/bin/safe_finger -l @%h | /usr/bin/mailx -s %d-%h root)
> &
>
> The daemon runs from /etc/rc2.d as /usr/sbin/sshd2
>
> Any ideas or tips?
>
> thanks in advance.
>
>
> Jim Ennis | [EMAIL PROTECTED]
> Systems Administrator | (407) 823-1701 | Fax: (407) 823-5476
> University of Central Florida | Murphy's paradox:
> | Doing it the hard way is always easier.
>
>
>
