updating the change of /etc/hosts.deny in AIX 4.3.3
I have recently changed the contents of /etc/hosts.deny... In Linux I would use: killall -HUP xinetd to refresh this change to the system (that is, without rebooting it)...
How would I do this in AIX? refresh -s inetd doesn't seem to be working...
here is the format of my /etc/hosts.deny file on the RS/6000 box:
ALL: ALL
Simple as that... Not sure why, even when an "outside" host is trying to access it, it allows things through... Any thoughts for logs to check for entries?
I see what you're saying... TCP wrappers may not even be employed on ssh. Right. Hmm...
When I type: ssh -V I get:
ssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on rs6000-ibm-aix4.3.3.0
There is no entry in /etc/inetd.conf for ssh... How would I do a quick check to see if TCP wrappers is enabled for this version of ssh on the RS/6000 box?
Thanks for being helpful/patient with me...
UPDATE:
I checked in the ssh compilation directory and within the file sshconf.h found a few interesting lines:
/* Define this to include libwrap (tcp_wrappers) support. */
/* #undef LIBWRAP */
/* #undef HAVE_LIBWRAP */
The comment lines have blocked the wrapping support, I guess... right?
Would I uncomment both the bottom two lines and instead of "undef" put "def"?
Thanks...
Last edited by zepplin611; 07-17-2004 at 09:00 PM.
For that version of SSH, I'm not sure. I do use it, but I get a pre-compiled binary from ssh.com and I haven't checked whether that supports tcp wrappers.
I can remember hitting this issue with the version of SSH from F-Secure. In that case, there was a flag on the configure command for tcp wrappers (something like configure --with-tcp-wrappers) so it might be worth checking out the configure options.
You're right that SSH is never started from inetd.conf; it's an unusual app in that tcp wrapper support does have to be compiled in; I'm not aware of any way to actually wrapper it as can be done with things called from inetd.
I was able to track down a FAQ on this version of ssh...
Q: How do I setup sshd2 to support tcp-wrappers?
A: First, ./configure --with-libwrap and whatever flags you need. Make
sure that configure finds your libwrap.a and tcpd.h files. Recompile.
(Note that if you don't have your tcp-wrappers in a standard place,
you can give the path as argument to configure;
--with-libwrap=/path/to/libwrap/)
After this you can edit your /etc/hosts.allow and /etc/hosts.deny
files. These "daemon" strings are in use by sshd2:
sshd, sshd2 (The name sshd2 was called with (usually "sshd"))
sshdfwd-X11 (if you want to allow/deny X11-forwarding)
sshdfwd-<port-number> (for tcp-forwarding)
sshdfwd-<port-name> (port-name defined in /etc/services. Used in
tcp-forwarding.)
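
A quick check for the question raised in this thread, as an added example that is not part of any post or of the ssh distribution: the first function reads a configure-generated header such as sshconf.h and reports whether LIBWRAP and HAVE_LIBWRAP are active defines, the second looks for libwrap traces in a built binary. The function names check_header and check_binary are hypothetical, and the binary check is a heuristic that assumes libwrap's symbol name or hosts.deny table path is still present among the binary's strings.

```shell
#!/bin/sh
# Added example (not from the thread): two quick checks for libwrap support.

# check_header FILE
#   Prints "enabled" and returns 0 only if both LIBWRAP and HAVE_LIBWRAP are
#   active #define lines. configure leaves "/* #undef NAME */" for features
#   it did not enable, so a commented-out line never counts.
check_header() {
    hdr=$1
    [ -r "$hdr" ] || { echo "unreadable"; return 2; }
    for name in LIBWRAP HAVE_LIBWRAP; do
        if ! grep -E "^[[:space:]]*#[[:space:]]*define[[:space:]]+${name}([[:space:]]|\$)" \
                "$hdr" >/dev/null; then
            echo "disabled"
            return 1
        fi
    done
    echo "enabled"
    return 0
}

# check_binary FILE
#   Heuristic (assumption): a binary linked against libwrap carries the
#   hosts_access symbol name or the hosts.deny table path in its strings.
check_binary() {
    bin=$1
    [ -r "$bin" ] || { echo "unreadable"; return 2; }
    # Turn every non-printable byte into a newline, then search the text runs.
    if tr -c '[:print:]' '\n' < "$bin" | grep -E 'hosts_access|hosts\.deny' >/dev/null; then
        echo "libwrap strings found"
        return 0
    fi
    echo "no libwrap strings"
    return 1
}
```

Point check_header at the sshconf.h in the build tree and check_binary at the installed sshd2 binary. A "disabled" header means configure was run without --with-libwrap, so the fix is to rerun configure and recompile as the FAQ describes rather than edit the header by hand.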