sshd basics

eric plug-discuss@lists.plug.phoenix.az.us
Mon, 5 May 2003 17:25:45 -0700


this works now: /etc/hosts.allow:  ALL : ALL

but if i put "sshd: " in front of that, it stops working.  WTF?


It's OpenSSH_2.5.2p2, the one that comes default with RH 7.2.




> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Jeremy
> C. Reed
> Sent: Monday, May 05, 2003 5:17 PM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: RE: sshd basics
> 
> 
> On Mon, 5 May 2003, eric wrote:
> 
> > i commented everything out of /etc/hosts.deny, and i deleted the sshd part
> > of /etc/hosts.allow and changed it (i.e., changed the first line) to
> > ALL:ALL.
> 
> What was your old config (that did not work)?
> 
> Note that it stops at first match and that hosts.allow is used before
> hosts.deny.
> 
> Maybe you had some deny rule above your sshd access rule. (You can do the
> DENY access control in the hosts.allow file too.)
> 
> > So now it works. I am so happy!! But now my box is wide open.  Sigh.
> > Does anyone have suggestions for reconfiguring TCPWrappers to improve
> > security?
> 
> Keep your /etc/hosts.deny with:
> ALL:ALL
> 
> And then specifically set up your /etc/hosts.allow for each service that
> uses tcpd or takes advantage of libwrap.
> 
> By the way, what version of a SSH server do you have that doesn't report
> this tcp wrappers connection refused? (I will stay away from it.)
> 
>    Jeremy C. Reed
>    http://www.reedmedia.net/
> 
> 
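
Added example (not part of the original thread): a simplified Python model of the evaluation order described in the quoted reply (hosts.allow is read before hosts.deny, and the first matching rule wins), run against the wide-open setup and a default-deny setup. The function names, rule sets and addresses are constructed for illustration, and only ALL, exact matches, address prefixes and an ALLOW/DENY third field are modelled.

```python
# Simplified model of hosts_access(5) evaluation, for reasoning about rule order.
# Assumptions: only the ALL wildcard, exact names/addresses and address
# prefixes ("192.168.1.") are matched; a third field is honoured only when it
# is ALLOW or DENY. All addresses and rule sets below are constructed samples.

def parse(text, default):
    """Yield (daemons, clients, action) for each rule line in one file."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2 or len(fields) > 3:
            raise ValueError("not modelled: " + line)
        action = fields[2].lower() if len(fields) == 3 else default
        if action not in ("allow", "deny"):
            # A third field is an option or shell command, not more clients.
            raise ValueError("third field not modelled: " + line)
        yield (fields[0].replace(",", " ").split(),
               fields[1].replace(",", " ").split(), action)

def matches(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):              # address prefix
        return value.startswith(pattern)
    return pattern == value

def decide(allow_text, deny_text, daemon, client):
    """hosts.allow first, then hosts.deny; first matching rule wins."""
    for text, default in ((allow_text, "allow"), (deny_text, "deny")):
        for daemons, clients, action in parse(text, default):
            if any(matches(d, daemon) for d in daemons) and \
               any(matches(c, client) for c in clients):
                return action
    return "allow"                          # nothing matched in either file

WIDE_OPEN_ALLOW = "ALL : ALL\n"             # the setup the poster ended up with
WIDE_OPEN_DENY = "# ALL: ALL\n"             # constructed: everything commented out
LOCKED_ALLOW = "sshd: 192.168.1.\n"         # constructed: one trusted subnet
LOCKED_DENY = "ALL:ALL\n"                   # default deny, as the reply advises
DENY_FIRST_ALLOW = "ALL: 203.0.113. : DENY\nsshd: ALL\n"  # deny above sshd rule

if __name__ == "__main__":
    for name, a, d in (("wide open", WIDE_OPEN_ALLOW, WIDE_OPEN_DENY),
                       ("locked", LOCKED_ALLOW, LOCKED_DENY),
                       ("deny first", DENY_FIRST_ALLOW, "")):
        for client in ("192.168.1.20", "203.0.113.7"):
            print(name, client, decide(a, d, "sshd", client))
```

The "deny first" case shows the situation the reply suspects: a deny rule placed above the sshd rule in hosts.allow decides the outcome before the sshd line is ever reached.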