sshd security

[Peter Jeremy]

On Fri, 2004-Sep-24 08:22:12 -0500, Derek Ragona wrote:
>I tried to implement a similar scheme in my hosts.allow on a FreeBSD 5.2.1 
>server.  But when I try to test it from an IP outside my LAN, it still 
>allows ssh logins.  I even put in a line in hosts.allow to explicitly deny 
>the IP I was ssh'ing from, but it still let me in.  The behavior  gives the 
>appearance that TCP wrappers are not enabled, and thus the /etc/hosts.allow 
>file is ignored.
>
>Is there something I need to do to enable the wrappers in sshd?  I saw that 
>there is a compile option for the portable source from openssh.org, so I 
>wonder if there is some compile option that needs to be enabled in 
>make.conf?

Depending on how TCP wrappers are integrated into SSH, one possibility
is that you need /var/empty/etc/hosts.{allow,deny}

-- 
Peter Jeremy