LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 05-18-2010, 06:36 AM   #16
tkmsr
Member
 
Registered: Oct 2006
Distribution: Ubuntu,Open Suse,Debian,Mac OS X
Posts: 798

Original Poster
Rep: Reputation: 39

Quote:
Originally Posted by chrism01 View Post
Possible things to think about

1. it doesn't like the blank line at line 15?
Okay deleted.
Quote:
Originally Posted by chrism01 View Post
2. there's a hidden char (maybe msdos derived) on line 20; try hexdump cmd
Code:
0000000 2023 652f 6374 682f 736f 7374 642e 6e65
0000010 3a79 6c20 7369 2074 666f 6820 736f 7374
0000020 7420 6168 2074 7261 2065 6e5f 746f 205f
0000030 6c61 6f6c 6577 2064 6f74 6120 6363 7365
0000040 2073 6874 2065 7973 7473 6d65 0a2e 2023
0000050 2020 2020 2020 2020 2020 2020 2020 2020
0000060 5320 6565 7420 6568 6d20 6e61 6175 206c
0000070 6170 6567 2073 6f68 7473 5f73 6361 6563
0000080 7373 3528 2029 6e61 2064 6f68 7473 5f73
0000090 706f 6974 6e6f 2873 2935 0a2e 0a23 2023
00000a0 7845 6d61 6c70 3a65 2020 2020 4c41 3a4c
00000b0 7320 6d6f 2e65 6f68 7473 6e2e 6d61 2c65
00000c0 2e20 6f73 656d 642e 6d6f 6961 0a6e 2023
00000d0 2020 2020 2020 2020 2020 2020 4c41 204c
00000e0 5845 4543 5450 6920 2e6e 6966 676e 7265
00000f0 3a64 6f20 6874 7265 682e 736f 2e74 616e
0000100 656d 202c 6f2e 6874 7265 642e 6d6f 6961
0000110 0a6e 0a23 2023 6649 7920 756f 7227 2065
0000120 6f67 6e69 2067 6f74 7020 6f72 6574 7463
0000130 7420 6568 7020 726f 6d74 7061 6570 2072
0000140 7375 2065 6874 2065 616e 656d 2220 6f70
0000150 7472 616d 2270 6620 726f 7420 6568 230a
0000160 6420 6561 6f6d 206e 616e 656d 202e 6552
0000170 656d 626d 7265 7420 6168 2074 6f79 2075
0000180 6163 206e 6e6f 796c 7520 6573 7420 6568
0000190 6b20 7965 6f77 6472 2220 4c41 224c 6120
00001a0 646e 4920 0a50 2023 6461 7264 7365 6573
00001b0 2073 4e28 544f 6820 736f 2074 726f 6420
00001c0 6d6f 6961 206e 616e 656d 2973 6620 726f
00001d0 7420 6568 7020 726f 6d74 7061 6570 2c72
00001e0 6120 2073 6577 6c6c 6120 2073 6f66 0a72
00001f0 2023 7072 2e63 6f6d 6e75 6474 2820 6874
0000200 2065 464e 2053 6f6d 6e75 2074 6164 6d65
0000210 6e6f 2e29 5320 6565 7020 726f 6d74 7061
0000220 3828 2029 6e61 2064 7072 2e63 6f6d 6e75
0000230 6474 3828 0a29 2023 6f66 2072 7566 7472
0000240 6568 2072 6e69 6f66 6d72 7461 6f69 2e6e
0000250 230a 230a 5420 6568 5020 5241 4e41 494f
0000260 2044 6977 646c 6163 6472 6d20 7461 6863
0000270 7365 6120 796e 6820 736f 2074 6877 736f
0000280 2065 616e 656d 6420 656f 2073 6f6e 2074
0000290 616d 6374 2068 7469 0a73 2023 6461 7264
00002a0 7365 2e73 230a 5920 756f 6d20 7961 7720
00002b0 7369 2068 6f74 6520 616e 6c62 2065 6874
00002c0 7369 7420 206f 6e65 7573 6572 6120 796e
00002d0 7020 6f72 7267 6d61 2073 6874 7461 6420
00002e0 6e6f 7427 230a 7620 6c61 6469 7461 2065
00002f0 6f6c 6b6f 6465 7520 2070 6f68 7473 616e
0000300 656d 2073 7473 6c69 206c 656c 7661 2065
0000310 6e75 6564 7372 6174 646e 6261 656c 6c20
0000320 676f 2e73 4920 206e 6170 7473 230a 7620
0000330 7265 6973 6e6f 2073 666f 4420 6265 6169
0000340 206e 6874 7369 6820 7361 6220 6565 206e
0000350 6874 2065 6564 6166 6c75 2e74 230a 2023
0000360 4c41 3a4c 5020 5241 4e41 494f 0a44 4c41
0000370 3a4c 3220 3131 342e 2e33 3032 2e34 3234
0000380 410a 4c4c 203a 3132 2e38 3736 322e 3634
0000390 362e 0a31 4c41 3a4c 3120 3531 322e 3833
00003a0 372e 2e31 3733 410a 6c6c 203a 3637 372e
00003b0 2e36 2e38 3931 0a37                    
00003b8
Quote:
Originally Posted by chrism01 View Post
3. try deleting the file and just create a new one with only the active lines
Done. Well, I have not seen the warning message.
Dunno what made it work.
Thanks all.
If someone is interested in doing a postmortem of this problem I will reply. Let me know.


Quote:
Originally Posted by slimm609 View Post
post the output of cat -A /etc/hosts.deny
Here it is

Last edited by tkmsr; 05-18-2010 at 06:39 AM.
 
Old 05-18-2010, 06:40 AM   #17
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
It sounds like there was a non-printing character somewhere in there. cat -A <filename> will show the non-printing chars. That's an easy way to show if there is something that shouldn't be there.
 
Old 05-18-2010, 06:44 AM   #18
tkmsr
Member
 
Registered: Oct 2006
Distribution: Ubuntu,Open Suse,Debian,Mac OS X
Posts: 798

Original Poster
Rep: Reputation: 39
Quote:
Originally Posted by slimm609 View Post
It sounds like there was a non-printing character somewhere in there. cat -A <filename> will show the non-printing chars. That's an easy way to show if there is something that shouldn't be there.
Okay, this is what I did before doing anything on the original file;
you can see it here.
cat -A /etc/hosts.deny
Code:
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.$
#                  See the manual pages hosts_access(5) and hosts_options(5).$
#$
# Example:    ALL: some.host.name, .some.domain$
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain$
#$
# If you're going to protect the portmapper use the name "portmap" for the$
# daemon name. Remember that you can only use the keyword "ALL" and IP$
# addresses (NOT host or domain names) for the portmapper, as well as for$
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)$
# for further information.$
#$
# The PARANOID wildcard matches any host whose name does not match its$
# address.$
# You may wish to enable this to ensure any programs that don't$
# validate looked up hostnames still leave understandable logs. In past$
# versions of Debian this has been the default.$
## ALL: PARANOID$
ALL: 211.43.204.42$
ALL: 218.67.246.61$
ALL: 115.238.71.37$
All: 76.76.8.197$
I could not understand what you said; if there is something you pointed out, let us know.
 
Old 05-21-2010, 12:20 AM   #19
tkmsr
Member
 
Registered: Oct 2006
Distribution: Ubuntu,Open Suse,Debian,Mac OS X
Posts: 798

Original Poster
Rep: Reputation: 39
hosts.deny is not working authentication log shows Bye:bye has server been hacked

I am using Debian Lenny.
My auth.log shows
Code:
 sshd[31944]: warning: /etc/hosts.deny, line 20: missing ":" separator
May 16 07:32:22  sshd[31945]: Received disconnect from 218.67.246.61: 11: Bye Bye
May 16 07:32:22  sshd[31946]: warning: /etc/hosts.deny, line 20: missing ":" separator
May 16 07:32:24  sshd[31947]: Received disconnect from 218.67.246.61: 11: Bye Bye
May 16 07:32:25  sshd[31948]: warning: /etc/hosts.deny, line 20: missing ":" separator
May 16 07:32:27  sshd[31949]: Received disconnect from 218.67.246.61: 11: Bye Bye
May 16 07:32:27  sshd[31950]: warning: /etc/hosts.deny, line 20: missing ":" separator
May 16 07:32:29  sshd[31951]: Received disconnect from 218.67.246.61: 11: Bye Bye
May 16 07:32:30  sshd[31952]: warning: /etc/hosts.deny, line 20: missing ":" separator
May 16 07:32:32 sshd[31953]: Received disconnect from 218.67.246.61: 11: Bye Bye
May 16 07:32:32  sshd[31954]: warning: /etc/hosts.deny, line 20: missing ":" separator
May 16 07:32:34  sshd[31955]: Received disconnect from 218.67.246.61: 11: Bye Bye
May 16 07:32:35  sshd[31956]: warning: /etc/hosts.deny, line 20: missing ":" separator
May 16 07:32:37  sshd[31957]: Received disconnect from 218.67.246.61: 11: Bye Bye
The above IP is present in /etc/hosts.deny, so why is it not blocking connections, and why is this Bye Bye thing there?
 
Old 05-21-2010, 12:30 AM   #20
jcomeau_ictx
LQ Newbie
 
Registered: Aug 2004
Location: Petaluma, CA, US
Distribution: Debian GNU/Linux squeeze/sid
Posts: 29

Rep: Reputation: 17
Did you Google? http://a.mongers.org/muppets/20040808-sshscan-1

You have a problem in your hosts.deny file, as your log is telling you. If you post its contents, one of us should be able to point it out to you. Or just look at line 20 with your preferred editor and, armed with 'man hosts.deny', you might be able to solve it yourself.
 
Old 05-21-2010, 01:07 AM   #21
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
tkmsr, I've merged your latest post (and the reply from jcomeau_ictx) into your original thread.
 
Old 05-21-2010, 01:39 AM   #22
tkmsr
Member
 
Registered: Oct 2006
Distribution: Ubuntu,Open Suse,Debian,Mac OS X
Posts: 798

Original Poster
Rep: Reputation: 39
Quote:
Originally Posted by jcomeau_ictx View Post
Thanks, I did not know any such thing existed.




Quote:
Originally Posted by win32sux View Post
tkmsr, I've merged your latest post (and the reply from jcomeau_ictx) into your original thread.
Where did you merge it? This is different from the line 20 thread. I got a new thing here, and that thread did not have the Bye:Bye problem. That was solved also. Everyone who was reading must have gone bye now too.

Last edited by tkmsr; 05-21-2010 at 01:45 AM.
 
Old 12-27-2014, 03:08 AM   #23
jpearl24
LQ Newbie
 
Registered: Nov 2003
Distribution: Ubuntu 10.04
Posts: 12

Rep: Reputation: 0
I know this is old but all you have to do is add a : to the end of the line.

IP :
IP :
 
Old 01-10-2015, 11:01 AM   #24
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

Rep: Reputation: 1513
Quote:
Originally Posted by jpearl24 View Post
I know this is old but all you have to do is add a : to the end of the line.

IP :
IP :
Actually, if you look at his hex dump, the last two bytes are: "0a37".

The 0a is the newline terminator of the preceding line which is valid. The "37" is a "%" character which is invalid, AND lacks a : separator between the IP number (a %) and its permission lists...

Easy to miss - he didn't include the last line (likely invisible due to its not being a complete line...)
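
The checks raised across this thread (hidden characters that `cat -A` or `hexdump` would reveal, a rule with no ":" separator, an incomplete last line) can be run in one pass over the raw bytes of the file. This is an added example, not code from any poster in the thread; the function name `lint_hosts_access` and the sample file are constructed for illustration, and the comment, blank-line and backslash-continuation handling follows hosts_access(5).

```python
import re

# Constructed sample (not the poster's file): a CRLF line, a rule with no
# ":" separator, an embedded NUL byte, and a final line with no newline.
SAMPLE = (b"# /etc/hosts.deny\n"
          b"\n"
          b"ALL: 192.0.2.10\n"
          b"ALL: 192.0.2.11\r\n"
          b"ALL 192.0.2.12\n"
          b"sshd: 192.0.2.\x0013\n"
          b"192.0.2.14")

def lint_hosts_access(data: bytes):
    """Return sorted (line_number, problem) tuples for a hosts.allow/hosts.deny image."""
    findings = []
    lines = data.split(b"\n")
    if lines[-1] == b"":
        lines.pop()                      # file ended with a proper newline
    else:
        findings.append((len(lines), "final line has no terminating newline"))
    pending = b""                        # rule text joined across "\" continuations
    for number, raw in enumerate(lines, start=1):
        # Anything outside printable ASCII and TAB is what cat -A would expose.
        hidden = sorted(set(re.findall(rb"[^\x20-\x7e\t]", raw)))
        if hidden:
            shown = " ".join(f"0x{b[0]:02x}" for b in hidden)
            findings.append((number, f"non-printing byte(s): {shown}"))
        if raw.endswith(b"\\"):          # backslash-newline continues the rule
            pending += raw[:-1]
            continue
        rule, pending = pending + raw, b""
        if rule.startswith(b"#") or not rule.strip():
            continue                     # comments and blank lines are ignored
        if b":" not in rule:
            findings.append((number, 'missing ":" separator'))
    return sorted(findings)

if __name__ == "__main__":
    for number, problem in lint_hosts_access(SAMPLE):
        print(f"line {number}: {problem}")
```

To check a real file, pass its bytes: `lint_hosts_access(open("/etc/hosts.deny", "rb").read())`.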
 
  

