LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-02-2006, 10:42 AM   #1
bganesh
LQ Newbie
 
Registered: Jun 2005
Posts: 3

Rep: Reputation: 0
/etc/hosts.deny/hosts.allow have no effect on sshd access


Hi

I am using a Redhat Linux box and recently configured the /etc/hosts.deny and /etc/hosts.allow to deny access to all machines except the few on our network.
The /etc/hosts.deny reads ALL: ALL
The /etc/hosts.allow has the list of machines which can access the machine.
I have successfully used the same files in the past on other machines.

I find that I am able to access the machine from hosts which are not on the hosts.allow list. I cant seem to figure out why this is happening.

I would appreciate it if somebody tells me what I could be doing wrong or if there is something that I have configured wrong.

Thanks
Brinda
 
Old 05-02-2006, 05:20 PM   #2
pAn1k
Member
 
Registered: Jun 2004
Location: Cala city
Distribution: Suse 10.0; Debian 5.0 (Lenny) Fluxbox
Posts: 240

Rep: Reputation: 30
Please post the config files you are talking about so we can help, good luck!
 
Old 05-02-2006, 05:35 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Could you post the full contents of your hosts.allow file? The Redhat 9 ssh daemon should have support for libwrap by default, so using hosts.allow/deny should work as long as the syntax is correct.

Also, check /var/log/secure and /var/log/messages for any errors like "missing newline or line too long"
 
Old 05-04-2006, 12:25 PM   #4
bganesh
LQ Newbie
 
Registered: Jun 2005
Posts: 3

Original Poster
Rep: Reputation: 0
Fixed the problem!

It seems to have been some problem with an address in my hosts.allow file. I rebuilt it and it worked ... no idea what the syntax problem was

Thanks for the help
Brinda
 
Old 05-04-2006, 09:06 PM   #5
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655
One thing to check is that ssh is built with tcwrappers support.
example:
# strings -f /usr/sbin/sshd | grep access
/usr/sbin/sshd: hosts_access
/usr/sbin/sshd: @(#)$OpenBSD: groupaccess.c,v 1.6 2003/04/08 20:21:28 itojun Exp $
/usr/sbin/sshd: userauth_hostbased: access allowed by auth_rhosts2
/usr/sbin/sshd: It is recommended that your private key files are NOT accessible by other

Also, make sure that you restart the services that use the configuration file changes.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
/etc/hosts and hosts.deny question ilan1 Linux - Networking 4 03-04-2006 06:28 PM
Slackware 10.0 and hosts.deny in reguards SSHD Smillie Slackware 10 03-24-2005 11:53 AM
hosts.allow & hosts.deny question... jonc Linux - Security 9 03-05-2005 10:41 PM
Host in hosts.deny able to access HTTP service mikebalcos Linux - Networking 1 08-12-2004 10:40 AM
Adding shell commands to hosts.deny and hosts.allow ridertech Linux - Security 3 12-29-2003 04:52 PM


All times are GMT -5. The time now is 06:15 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration