Where is tcpd?

Michael K. Smith mksmith at noanet.net
Wed May 7 08:42:32 PDT 2003


On 5/7/03 8:36 AM, "Dan Nelson" <dnelson at allantgroup.com> wrote:

> In the last episode (May 07), Michael K. Smith said:
>> I would like to use TCP Wrappers for ssh connections to a box, and
>> all of the literature regarding the inetd.conf configuration
>> references /usr/sbin/tcpd.  I have been unable to find tcpd anywhere
>> on the system.  Is there another way to reference the required files
>> in inetd.conf?
> 
> Hm?  This is the only place tcpd is mentioned in the inetc.conf
> manpage, and I think it answers your question pretty well.
> 
>  IMPLEMENTATION NOTES
> 
>  TCP Wrappers
>    When given the -w option, inetd will wrap all services specified
>    as ``stream nowait'' or ``dgram'' except for ``internal''
>    services.  If the -W option is given, such ``internal'' services
>    will be wrapped.  If both options are given, wrapping for both
>    internal and external services will be enabled.  Either wrapping
>    option will cause failed connections to be logged to the ``auth''
>    syslog facility.  Adding the -l flag to the wrapping options will
>    include successful connections in the logging to the ``auth''
>    facility.
> 
>    Note that inetd only wraps requests for a ``wait'' service while
>    no servers are available to service requests.  Once a connection
>    to such a service has been allowed, inetd has no control over
>    subsequent connec- tions to the service until no more servers are
>    left listening for connec- tion requests.
> 
>    When wrapping is enabled, the tcpd daemon is not required, as that
>    functionality is builtin.  For more information on TCP Wrappers,
>    see the relevant documentation (hosts_access(5)).  When reading
>    that document, keep in mind that ``internal'' services have no
>    associated daemon name.  Therefore, the service name as specified
>    in inetd.conf should be used as the daemon name for ``internal''
>    services.
> 

Then I must have a misconfiguration somewhere.  Here's what my inetd.conf
entry looks like:

ssh  stream  tcp  nowait  root /usr/sbin/sshd  sshd -I

And here is my inetd process:

root    16368  0.0  0.3  1076  812  ??  Is    7:50AM   0:00.01
/usr/sbin/inetd -wW

And my /etc/hosts.allow entry:

sshd : .noanet.net

But, when I run tcpdchk, I get:

warning: /etc/hosts.allow, line 23: sshd: service possibly not wrapped


Any ideas?

Mike

-- 
Michael K. Smith          NoaNet
206.219.7116 (work)       206.579.8360 (cell)
mksmith at noanet.net        http://www.noanet.net




More information about the freebsd-questions mailing list