ssh & inetd] (fwd)
Mike Starke
mgcon@neta.com
Mon, 6 Mar 2000 22:07:18 -0700 (MST)
I can't thank you enough-> fixed!
It was the port that wasn't in hosts.allow!
A simple line like
sshd 8070: my_laptop
fixed the problem lickety split.
I suppose the part that threw me off was that I didn't
know sshd had the wrappers compiled in. I thought that
since it ran as a daemon, that was bypassed. Then, when
I ran tcpdchk, and it complained (still does <both the service
and the port>), I was really thrown off.
One good thing came out of this: can do hosts.deny
hosts.allow with my eyes closed now......spent so much
time in there the past couple of days
Keyboard smokes when I do a
kill -HUP <inetd pid>
I suppose tomorrow I'll look into sending Wietse
a message (or probably Debian)
Mike
mgcon@getnet.com
http://www.getnet.com/~mgcon
Phoenix, AZ
> Just began experiencing something unusual and annoying:
> Whenever I go to ssh into my server at home, I can no longer
> type 'ssh mybox'. It takes forever to get to the login. If
> I use the ip number (192.168.3.1), poof, I am there. IP is
> in both hosts files. FTP works fine, and so does pop. This
> just began after an update (Debian).
ftp and pop probably aren't doing reverse lookups. sshd should be.
> Something else I can't figure out: Since sshd is running in daemon
> mode, I thought tcpd/inetd.conf/hosts.allow doesn't apply. It does.
From the sshd manpage:
SSH WITH TCP WRAPPERS
When sshd is compiled with tcp wrappers libraries, then
the host.allow/deny files also controls who can connect to
ports forwarded by sshd.
The program names in the hosts.allow/deny files are
sshdfwd-<portname>, sshdfwd-<portnumber>, and sshdfwd-X11 for
forwarded ports the ssh client or server is listening.
If the port has name defined then you must use it.
If that's an option, you can be pretty certain that debian would include
it ;-).
> If I put the line
> sshd: mylaptop
> in hosts.allow, then I am OK. But running tcpdchk complains that
> sshd is not in inetd.conf. Have I misconfigured something.
You should file a bug against tcpdchk. Thanks for letting me know about
that one ;-), I'd completely forgotten about it.
> Item #1 is just plain annoying (typing my ip [that hasn't changed
> since Moses]), but I can still get in OK. Item 2 bothers me as I
> would like to keep hosts.allow/hosts.deny tightened down pretty
> good, but I would still like tcpdchk to not complain.
>
> Are the two related? I have checked host.conf, made sure all ip's
> are still in hosts, etc.
Probably.
> When I do a tcpdump on my laptop (from the server), I notice that
> the laptop is sending icmp packets to my nameservers.
Are your nameservers correct? Do you have reverse addressing?
If the update that you did moved from ssh-nonfree to openssh some of the
default behavior changed. I haven't experienced what you're seeing, but
I'm also pretty damned certain that my reverse lookups work ;-).
ciao,
der.hans
--
# +++++++++++=================================+++++++++++ #
# der.hans@LuftHans.com www.excelco.com #
# http://home.pages.de/~lufthans/ #
# I'm not anti-social, I'm pro-individual. - der.hans #
# ===========+++++++++++++++++++++++++++++++++=========== #
----- End forwarded message ----
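
Added example, not part of the original thread: a small audit helper that derives the wrapper program name for a forwarded port as the quoted manpage excerpt describes (service name if the port has one, otherwise the number) and lists which hosts.allow rules name it. The function names, the SERVICES table and the sample file are constructed for illustration; matching covers only literal daemon names and ALL, not EXCEPT or client patterns.

```python
import re

# Constructed stand-in for /etc/services (port -> service name).
SERVICES = {110: "pop3"}

# Constructed hosts.allow using the host name and port from the thread.
HOSTS_ALLOW = """\
# interactive logins
sshd: my_laptop
# forwarded ports, written with a backslash continuation
sshdfwd-8070, sshdfwd-pop3 \\
    : my_laptop
"""


def forwarded_daemon_name(port, services, x11=False):
    """Program name the wrappers check for a port forwarded by sshd."""
    if x11:
        return "sshdfwd-X11"
    # "If the port has name defined then you must use it."
    return "sshdfwd-%s" % services.get(port, port)


def _tokens(field):
    # List elements are separated by blanks and/or commas.
    return [t for t in re.split(r"[\s,]+", field) if t]


def parse_rules(text):
    """Yield (daemon_list, client_list) for each 'daemons : clients' rule."""
    joined = re.sub(r"\\\n", "", text)  # backslash-newline continues a rule
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, sep, rest = line.partition(":")
        if sep:
            # Anything after a second ':' is an option or shell command.
            yield _tokens(daemons), _tokens(rest.split(":")[0])


def rules_naming(daemon, text):
    """Client lists of the rules whose daemon list names `daemon` or ALL."""
    return [c for d, c in parse_rules(text) if daemon in d or "ALL" in d]


if __name__ == "__main__":
    for port in (8070, 110):
        name = forwarded_daemon_name(port, SERVICES)
        print(port, name, rules_naming(name, HOSTS_ALLOW))
```

A rule written as sshdfwd-110 would not be found for the named port in this sample, which is the case the last sentence of the manpage excerpt covers.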