Where is tcpd?
Michael K. Smith
mksmith at noanet.net
Wed May 7 09:31:24 PDT 2003
On 5/7/03 8:54 AM, "Dan Nelson" <dnelson at allantgroup.com> wrote:
> In the last episode (May 07), Michael K. Smith said:
>> Then I must have a misconfiguration somewhere. Here's what my
>> inetd.conf entry looks like:
>>
>> ssh stream tcp nowait root /usr/sbin/sshd sshd -I
>>
>> And here is my inetd process:
>>
>> root 16368 0.0 0.3 1076 812 ?? Is 7:50AM 0:00.01
>> /usr/sbin/inetd -wW
>>
>> And my /etc/hosts.allow entry:
>>
>> sshd : .noanet.net
>>
>> But, when I run tcpdchk, I get:
>>
>> warning: /etc/hosts.allow, line 23: sshd: service possibly not wrapped
>
> Tcpdchk doesn't know if you're running inetd with the -w flag, so it
> says 'possibly not wrapped'. Since you are running with -w, you can
> ignore it.
>
> Also, I don't think sshd takes a -I argument. Why not just run it on
> startup (sshd_enable="YES" in /etc/rc.conf)? sshd has tcp-wrapper
> support builtin too, so you shouldn't need to launch a new copy from
> inetd on every connect.
I was originally trying to do that. I'm running OpenSSH 3.6.1p2 with
libwrap and tcp-wrappers configured, but it doesn't seem to read the
hosts.allow file (since I can connect from any where). Thus, I thought I
would try the inetd model to see if that worked.
If I remove the -i in inetd.conf it doesn't work at all, even from allowed
hosts.
Mike
--
Michael K. Smith NoaNet
206.219.7116 (work) 206.579.8360 (cell)
mksmith at noanet.net http://www.noanet.net
More information about the freebsd-questions
mailing list