LinuxQuestions.org
Old 10-09-2003, 12:14 AM   #1
yocompia
Member
 
Registered: Apr 2003
Location: Chicago, IL
Distribution: openbsd 3.6, slackware 10.0
Posts: 244

Rep: Reputation: 30
ssh_exchange woes


i've installed openssh3.7p1 with the --with-tcp-wrappers enabled, the only trouble is i don't know how to set the entry in hosts.allow to allow ssh through. there are 2 cases i've experienced:

1) if i have the following line in my hosts.allow

sshd: 137.1.1.55: allow

i get an error message (on client machine) from ssh

Connection closed by 137.1.1.34

2) if i change the line in hosts.allow to

ssh: 137.1.1.55: allow

i get a different error message on the client machine

ssh_exchange_identification: Connection closed by remote host

this behavior makes me suspect that this has something to do with tcpd, and the IP is correct. how do i set the tcp wrappers up correctly to prevent this from happening?

thx for reading,
y-p
 
Old 10-09-2003, 06:02 AM   #2
Looking_Lost
Senior Member
 
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120

Rep: Reputation: 45
Way I've been using sshd and hosts.allow in general is

sshd:137.1.1.55
 
Old 10-09-2003, 06:21 AM   #3
mlp68
Member
 
Registered: Jun 2002
Location: NY
Distribution: Gentoo,RH
Posts: 333

Rep: Reputation: 40
I think the syntax is without that :allow. Try (and also think of the x11 forwarding if you need that)

sshd,sshdfwd-X11: 137.1.1.55

Hope it helps,
mlp
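
The three hosts.allow entries tried in this thread, run through a small lint (an added example, not part of the original posts and not tcp wrappers code). It assumes the server process is named `sshd` and handles only the simple client forms; the `lint`, `parse_rules` and `client_matches` names are hypothetical. The "extra-field" finding only marks a third field for review, since its meaning depends on how libwrap was built (see hosts_options(5)).

```python
import ipaddress

def parse_rules(text):
    """Yield (lineno, daemons, clients, extra) per rule; a trailing backslash continues it."""
    logical, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if start is None:
            if not line or line.startswith("#"):
                continue
            start = n
        if line.endswith("\\"):
            logical += line[:-1] + " "
            continue
        # Naive split on ':'; bracketed IPv6 and escaped colons are out of scope.
        fields = [f.strip() for f in (logical + line).split(":")]
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split() if len(fields) > 1 else []
        yield start, daemons, clients, fields[2:]
        logical, start = "", None

def client_matches(pattern, ip):
    """Only the simple client forms: ALL, an exact address, or an 'a.b.c.' prefix."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    try:
        return ipaddress.ip_address(pattern) == ipaddress.ip_address(ip)
    except ValueError:
        return False  # hostnames, netmasks and wildcards are not evaluated here

def lint(text, daemon="sshd", client="137.1.1.55"):
    """Return (admitted, findings); admitted means an option-free rule matched."""
    admitted, findings = False, []
    for n, daemons, clients, extra in parse_rules(text):
        named = daemon in daemons or "ALL" in daemons
        for d in daemons:
            if not named and daemon.startswith(d):   # e.g. 'ssh' written for 'sshd'
                findings.append((n, "daemon-name", d))
        if extra:
            findings.append((n, "extra-field", ":".join(extra)))
        elif named and any(client_matches(c, client) for c in clients):
            admitted = True
    return admitted, findings

# The three entries tried in the thread (addresses as posted there).
THREAD_ENTRIES = ["sshd: 137.1.1.55: allow", "ssh: 137.1.1.55: allow",
                  "sshd,sshdfwd-X11: 137.1.1.55"]
```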
 
Old 10-09-2003, 09:40 AM   #4
yocompia
Member
 
Registered: Apr 2003
Location: Chicago, IL
Distribution: openbsd 3.6, slackware 10.0
Posts: 244

Original Poster
Rep: Reputation: 30
yep, that fixed the problem, thanks a bunch guys. when i fixed this stuff, there were 2 other things that were bugging out that worried me:

1) i got a message that said "/var/empty does not exist" and sshd "insisted" that i make such a directory; so i made the directory, "#mkdir /var/empty" and the error message went away; what's the deal here? is this something about chroot-ing?

2) i've gotten a message from sshd on one of my computers that says

Could not load host key: /etc/ssh/ssh_host_rsa_key

but sshd still loads up fine; this is confusing because immediately prior to this i issued

ssh-keygen -t rsa -b 3072 -f /etc/ssh/ssh_host_rsa_key -P "my advanced passphrase"

which SHOULD generate such an RSA host key of size 3072 bytes and put it in /etc/ssh/ssh_host_rsa_key. note that my passphrase is NOT "my advanced passphrase" (or is it?). any suggestions are welcome and these are just further questions since i can now ssh between my boxes.

thx,
y-p
 
Old 10-09-2003, 09:55 AM   #5
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Regarding #2, you generated a key with a passphrase and the sshd start script is not aware of what the phrase is. Typically this key is generated without a passphrase.
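
A way to spot a passphrase-protected host key from the file header alone, without the passphrase (an added example, not part of the original posts and not OpenSSH code). It goes beyond the 2003-era legacy PEM keys in this thread to also cover PKCS#8 and the later `openssh-key-v1` format; the function names and the sample keys are constructed for the illustration and contain no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"

def key_is_encrypted(pem_text):
    """True if the private key file needs a passphrase, judged from its header."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-style private key")
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":   # PKCS#8
        return True
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Legacy PEM: encryption is announced in a Proc-Type header line.
        return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)
    # openssh-key-v1: magic, then a length-prefixed cipher name ("none" = no passphrase).
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    (n,) = struct.unpack_from(">I", blob, len(MAGIC))
    cipher = blob[len(MAGIC) + 4 : len(MAGIC) + 4 + n]
    return cipher != b"none"

def _ssh_string(b):
    return struct.pack(">I", len(b)) + b

def fake_openssh_key(cipher):
    """Constructed header-only blob (cipher and KDF names, no key) for the demo."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    body = base64.b64encode(MAGIC + _ssh_string(cipher) + _ssh_string(kdf)).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed legacy-format samples; the body is the word CONSTRUCTED, not a key.
LEGACY_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
LEGACY_PLAIN = """-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for name, text in [("legacy+passphrase", LEGACY_ENCRYPTED), ("legacy", LEGACY_PLAIN)]:
        print(name, "needs passphrase:", key_is_encrypted(text))
```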
 
Old 10-09-2003, 11:22 AM   #6
yocompia
Member
 
Registered: Apr 2003
Location: Chicago, IL
Distribution: openbsd 3.6, slackware 10.0
Posts: 244

Original Poster
Rep: Reputation: 30
that was exactly it, thx a bunch, stick.

if i had read the man-page for ssh-keygen, i'd have noticed in the first freaking page that it says

"The program also asks for a passphrase. The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or it may be a string of arbitrary length."

:P
 
Old 10-09-2003, 11:26 AM   #7
Looking_Lost
Senior Member
 
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120

Rep: Reputation: 45
Regarding /var/empty

Don't know for definite but I remember reading the info with vsftp about doing a similar thing, I think it's perhaps so there is an empty directory for it to change to or something like that for security reasons - something to do with security anyway I think....maybe...memory fades....
 
Old 10-09-2003, 11:45 AM   #8
yocompia
Member
 
Registered: Apr 2003
Location: Chicago, IL
Distribution: openbsd 3.6, slackware 10.0
Posts: 244

Original Poster
Rep: Reputation: 30
heh, my memory always fades. my short term memory is... what was i talking about?
 
Old 10-09-2003, 01:10 PM   #9
yocompia
Member
 
Registered: Apr 2003
Location: Chicago, IL
Distribution: openbsd 3.6, slackware 10.0
Posts: 244

Original Poster
Rep: Reputation: 30
mr ross, apologies for the double post, it was not intentional. linuxquestions hung when i tried to submit it, and then i closed that tab and re-entered it all w/out checking if the first post went through.

:P
 
  



All times are GMT -5. The time now is 07:45 PM.
