Old 05-03-2006, 05:00 PM   #1
Dragons Master
LQ Newbie
 
Registered: May 2006
Posts: 7

Rep: Reputation: 0
/etc/hosts.allow can't verify allowed hostname - what do I do?


Hey Folks,

I want to allow sshd on my new server only to myself and to my other server (so I could use it to ssh to my server whenever I'm not on my home computer), but the server can't verify the host name of my other server.
The error is:
Code:
May  3 23:56:39 air362 sshd[30833]: warning: /etc/hosts.allow, line 7: can't verify hostname: getaddrinfo(72-29-76-97.dimenoc.com, AF_INET) failed
May  3 23:56:39 air362 sshd[30833]: refused connect from ::ffff:72.29.76.97 (::ffff:72.29.76.97)
Here are my hosts.deny and hosts.allow files:

/etc/hosts.deny
Code:
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!

sshd : ALL
/etc/hosts.allow
Code:
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#

sshd : .bezeqint.net
sshd : .server4you.net
sshd : 88.152.180.70/255.255.255.0
sshd : .dimenoc.com
sshd : 72.29.76.97/255.255.255.0
Can anyone please let me know how I can allow my other server (72.29.76.97 or 72-29-76-97.dimenoc.com) to access the new server?

thanks,
- Ben
 
Old 05-03-2006, 05:06 PM   #2
Dragons Master
LQ Newbie
 
Registered: May 2006
Posts: 7

Original Poster
Rep: Reputation: 0
Ah, never mind, people. I just looked around and happened to find this /etc/hosts file - I just added my server IP there, followed by its hostname, and now it seems to work just fine. Thanks a lot, everyone.
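
The double lookup behind the "can't verify hostname" warning in post #1, and why the /etc/hosts entry from post #2 made it pass, shown as an added example (not part of either post). The resolver tables are constructed from the address and name in the log; the function and status names are hypothetical, and the default resolvers are the ordinary system lookups.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver (which also reads /etc/hosts)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward lookup through getaddrinfo; returns a set of address strings."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def verify_hostname(client, reverse=system_reverse, forward=system_forward):
    """Return (status, name): address -> name, then name -> addresses."""
    addr = ipaddress.ip_address(client)
    # sshd logged the peer as ::ffff:72.29.76.97; compare on the IPv4 form.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    name = reverse(str(addr))
    if not name:
        return ("no-ptr", None)
    forward_addrs = forward(name)
    if not forward_addrs:
        return ("forward-failed", name)  # the situation in the log above
    if str(addr) not in forward_addrs:
        return ("mismatch", name)        # name does not point back at the client
    return ("verified", name)

# Constructed resolver data: the reverse name exists, but the forward lookup
# returns nothing until the name is listed locally (the /etc/hosts change).
PTR = {"72.29.76.97": "72-29-76-97.dimenoc.com"}
DNS_ONLY = {}
WITH_HOSTS_ENTRY = {"72-29-76-97.dimenoc.com": {"72.29.76.97"}}

def demo(forward_table):
    return verify_hostname("::ffff:72.29.76.97", reverse=PTR.get,
                           forward=lambda n: forward_table.get(n, set()))

if __name__ == "__main__":
    print(demo(DNS_ONLY))          # before the /etc/hosts entry
    print(demo(WITH_HOSTS_ENTRY))  # after the /etc/hosts entry
```

A local /etc/hosts entry pins the name on this machine only; it has to be updated by hand if the other server's address ever changes.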
 
Old 05-04-2006, 03:57 AM   #3
basileus
Member
 
Registered: Nov 2004
Location: Turku, Finland
Distribution: Debian, Ubuntu, Gentoo
Posts: 388

Rep: Reputation: 30
A quick tip... I always use

ALL: ALL

in /etc/hosts.deny. That way, if I happen to have an unnecessary service running, no one is allowed to connect to it unless specified in hosts.allow. Of course I have a firewall blocking the traffic also, but just to be sure.

I'd suggest that you also configure your firewall so that it allows new connections to the SSH port (22) only from the same hosts you allow in /etc/hosts.allow. I've read in the Securing Debian manual that tcpwrappers (which is configured with hosts.allow / deny) is not bulletproof.

Also check "man sshd_config". I always use the "AllowUsers username_1 username_2 ..." directive for extra security. You could also use public keys with a good passphrase for extra security, but that might be overkill.
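
One way to keep the firewall in step with /etc/hosts.allow, as suggested in the post above (added example, not part of the post). It reads the sshd entries posted earlier in the thread and emits iptables rules for the address-based ones; the function names are hypothetical, and it assumes IPv4 patterns, an INPUT chain and the conntrack match.

```python
import ipaddress

# The sshd entries from the /etc/hosts.allow posted in post #1.
HOSTS_ALLOW = """\
sshd : .bezeqint.net
sshd : .server4you.net
sshd : 88.152.180.70/255.255.255.0
sshd : .dimenoc.com
sshd : 72.29.76.97/255.255.255.0
"""

def ssh_sources(text, daemon="sshd"):
    """Split a daemon's client patterns into IP networks and everything else."""
    networks, names = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (part.strip() for part in line.split(":", 2)[:2])
        if daemon not in daemons.replace(",", " ").split():
            continue
        for pattern in clients.replace(",", " ").split():
            try:
                # strict=False: 88.152.180.70/255.255.255.0 -> 88.152.180.0/24
                networks.append(ipaddress.ip_network(pattern, strict=False))
            except ValueError:
                # Name patterns such as .dimenoc.com have no packet-filter
                # equivalent; they are returned separately for review.
                names.append(pattern)
    return networks, names

def iptables_rules(networks, port=22):
    """Accept new connections to the port from the networks, drop the rest."""
    rules = [f"iptables -A INPUT -p tcp --dport {port} -s {net} "
             "-m conntrack --ctstate NEW -j ACCEPT" for net in networks]
    rules.append(f"iptables -A INPUT -p tcp --dport {port} "
                 "-m conntrack --ctstate NEW -j DROP")
    return rules

if __name__ == "__main__":
    nets, names = ssh_sources(HOSTS_ALLOW)
    print("\n".join(iptables_rules(nets)))
    print("not expressible as a source address:", names)
```

The normalised output also shows that the 255.255.255.0 mask in the posted file admits the whole /24 around each address, not only the single host.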
 
Old 05-05-2006, 07:05 AM   #4
Dragons Master
LQ Newbie
 
Registered: May 2006
Posts: 7

Original Poster
Rep: Reputation: 0
Yeah, I used ALL : ALL at first, but after having a trajillion problems accessing certain services of mine I decided to only block sshd; it's easier for me than looking for all the services I do need (named, httpd, smtpd, etc.) and setting their permissions to all.

I will however look at the ssh_config man pages - that sounds interesting.

Thanks a bunch!
- Ben
 
  

