Originally Posted by redleg7
Using /etc/hosts.allow and /etc/hosts.deny, is there a way to allow vsftd connections but block sshd connections? I have tried the following, but this blocks both sshd and vsftp:
/etc/hosts.allow: vsftd : ALL
/etc/hosts.deny: sshd: ALL
I think that vsftpd and sshd both use the same port, and that is why this does not work. Am I correct, or is there some other explanation?
They don't use the same port - FTP is 21 and SSH is 22. Regardless, it is my understanding that TCP wrappers uses service process names for identification - not port numbers. Granted, I don't use TCP wrappers (I use iptables instead), so I could be mistaken about that.
That said, why do you need a rule for vsftpd in your hosts.allow file in the first place? If what you posted is all you have in those files then you don't need anything in hosts.allow, as TCP wrappers will allow access to services by default. hosts.allow is mostly useful for exceptions to what you have in hosts.deny.
AFAICT none of this explains the symptoms you describe, though - unless there's something you aren't telling us. For example, if the misspelled daemon name you posted is what is actually in the hosts.allow file, and there is an "ALL: ALL" in the hosts.deny file, then access to vsftpd would be denied (since no match would occur in hosts.allow, while "ALL: ALL" would match in hosts.deny).
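Added example, not part of either post: a simplified Python model of the hosts_access(5) lookup order (hosts.allow first, then hosts.deny, otherwise granted) that shows how a misspelled daemon name changes the outcome. It models only daemon-name lists and the ALL wildcard; the file contents and the client address are constructed samples, and the function names are hypothetical.

```python
# Simplified model of hosts_access(5) evaluation order. Assumption: only
# daemon-name lists and the ALL wildcard are modelled; this is not libwrap.

def parse_rules(text):
    """Return [(daemons, clients)] parsed from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue                           # malformed line: skipped here
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def matches(rules, daemon, client):
    """True if any rule matches the daemon process name and the client."""
    for daemons, clients in rules:
        daemon_ok = "ALL" in daemons or daemon in daemons
        client_ok = "ALL" in clients or client in clients
        if daemon_ok and client_ok:
            return True
    return False

def access(allow_text, deny_text, daemon, client):
    """Apply the documented order: allow file, then deny file, else grant."""
    if matches(parse_rules(allow_text), daemon, client):
        return "allow"
    if matches(parse_rules(deny_text), daemon, client):
        return "deny"
    return "allow"   # no match in either file: access is granted

# Constructed sample file contents.
POSTED_ALLOW = "vsftd : ALL\n"    # misspelled daemon name, as posted
POSTED_DENY = "sshd: ALL\n"
FIXED_ALLOW = "vsftpd : ALL\n"    # daemon name matches the process name
DENY_ALL = "ALL: ALL\n"
CLIENT = "192.0.2.10"             # documentation-range address

if __name__ == "__main__":
    for allow, deny in [(POSTED_ALLOW, POSTED_DENY),
                        (POSTED_ALLOW, DENY_ALL),
                        (FIXED_ALLOW, DENY_ALL)]:
        for daemon in ("vsftpd", "sshd"):
            print(repr(allow), repr(deny), daemon,
                  access(allow, deny, daemon, CLIENT))
```

With the files exactly as posted, the model grants vsftpd by default and denies sshd; vsftpd is denied only once hosts.deny contains "ALL: ALL" and the hosts.allow entry does not match the process name.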