sshd security
Peter Jeremy
PeterJeremy at optushome.com.au
Sat Sep 25 13:38:44 PDT 2004
On Fri, 2004-Sep-24 08:22:12 -0500, Derek Ragona wrote:
>I tried to implement a similar scheme in my hosts.allow on a FreeBSD 5.2.1
>server. But when I try to test it from an IP outside my LAN, it still
>allows ssh logins. I even put in a line in hosts.allow to explicitly deny
>the IP I was ssh'ing from, but it still let me in. The behavior gives the
>appearance that TCP wrappers are not enabled, and thus the /etc/hosts.allow
>file is ignored.
>
>Is there something I need to do to enable the wrappers in sshd? I saw that
>there is a compile option for the portable source from openssh.org, so I
>wonder if there is some compile option that needs to be enabled in
>make.conf?
Depending on how TCP wrappers are integrated into SSH, one possibility
is that you need /var/empty/etc/hosts.{allow,deny}
--
Peter Jeremy
More information about the freebsd-security
mailing list