LinuxQuestions.org


bganesh 05-02-2006 10:42 AM

/etc/hosts.deny/hosts.allow have no effect on sshd access
 
Hi

I am using a Redhat Linux box and recently configured the /etc/hosts.deny and /etc/hosts.allow to deny access to all machines except the few on our network.
The /etc/hosts.deny reads ALL: ALL
The /etc/hosts.allow has the list of machines which can access the machine.
I have successfully used the same files in the past on other machines.

I find that I am able to access the machine from hosts which are not on the hosts.allow list. I can't seem to figure out why this is happening.

I would appreciate it if somebody tells me what I could be doing wrong or if there is something that I have configured wrong.

Thanks
Brinda

pAn1k 05-02-2006 05:20 PM

Please post the config files you are talking about so we can help, good luck!

Capt_Caveman 05-02-2006 05:35 PM

Could you post the full contents of your hosts.allow file? The Redhat 9 ssh daemon should have support for libwrap by default, so using hosts.allow/deny should work as long as the syntax is correct.

Also, check /var/log/secure and /var/log/messages for any errors like "missing newline or line too long".

bganesh 05-04-2006 12:25 PM

Fixed the problem!
 
It seems to have been some problem with an address in my hosts.allow file. I rebuilt it and it worked ... no idea what the syntax problem was

Thanks for the help
Brinda

jschiwal 05-04-2006 09:06 PM

One thing to check is that ssh is built with TCP wrappers support.
Example:
# strings -f /usr/sbin/sshd | grep access
/usr/sbin/sshd: hosts_access
/usr/sbin/sshd: @(#)$OpenBSD: groupaccess.c,v 1.6 2003/04/08 20:21:28 itojun Exp $
/usr/sbin/sshd: userauth_hostbased: access allowed by auth_rhosts2
/usr/sbin/sshd: It is recommended that your private key files are NOT accessible by other

Also, make sure that you restart the services that use the configuration file changes.
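
A lint for the condition behind the "missing newline or line too long" log message mentioned above, plus a rule that has no ":" between the daemon list and the client list. This is an added example, not code from any poster in this thread; the function name `lint_wrappers`, the 2047-character default limit and the sample addresses are assumptions made for illustration.

```shell
# Added example: lint a hosts.allow / hosts.deny file before relying on it.
# The default length limit is an assumption; pass your own as the second argument.
lint_wrappers() {
    file=$1
    maxlen=${2:-2047}
    rc=0
    [ -r "$file" ] || { echo "$file: cannot read"; return 2; }
    # $(...) strips a trailing newline, so non-empty output means the last byte is not one.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo "$file: last line has no trailing newline"
        rc=1
    fi
    awk -v max="$maxlen" -v f="$file" '
        # Join backslash-continued lines into one logical rule.
        /\\$/ { if (buf == "") start = NR; sub(/\\$/, ""); buf = buf $0; next }
        {
            rule = buf $0; n = (buf == "") ? NR : start; buf = ""
            if (rule ~ /^#/ || rule ~ /^[ \t]*$/) next   # comments and blank lines
            if (length(rule) > max) { printf "%s:%d: rule longer than %d characters\n", f, n, max; bad = 1 }
            if (index(rule, ":") == 0) { printf "%s:%d: missing \":\" separator\n", f, n; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$file" || rc=1
    return $rc
}

# Constructed sample: line 2 lacks the colon and the final line has no newline.
sample=$(mktemp)
printf 'sshd: 192.168.1.\nsshd 10.0.0.5\nALL: .example.com' > "$sample"
lint_wrappers "$sample" || echo "problems found in $sample"
rm -f "$sample"
```

A clean result only means the file parses; confirm the policy itself by connecting from a host that should be refused.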


All times are GMT -5.