
bganesh 05-02-2006 09:42 AM

/etc/hosts.deny/hosts.allow have no effect on sshd access

I am using a Redhat Linux box and recently configured the /etc/hosts.deny and /etc/hosts.allow to deny access to all machines except the few on our network.
The /etc/hosts.deny reads ALL: ALL
The /etc/hosts.allow has the list of machines which can access the machine.
I have successfully used the same files in the past on other machines.

I find that I am able to access the machine from hosts which are not on the hosts.allow list. I can't seem to figure out why this is happening.

I would appreciate it if somebody tells me what I could be doing wrong or if there is something that I have configured wrong.


pAn1k 05-02-2006 04:20 PM

Please post the config files you are talking about so we can help, good luck!

Capt_Caveman 05-02-2006 04:35 PM

Could you post the full contents of your hosts.allow file? The Redhat 9 ssh daemon should have support for libwrap by default, so using hosts.allow/deny should work as long as the syntax is correct.

Also, check /var/log/secure and /var/log/messages for any errors like "missing newline or line too long"

bganesh 05-04-2006 11:25 AM

Fixed the problem!
It seems to have been some problem with an address in my hosts.allow file. I rebuilt it and it worked ... no idea what the syntax problem was

Thanks for the help

jschiwal 05-04-2006 08:06 PM

One thing to check is that ssh is built with TCP wrappers support.
# strings -f /usr/sbin/sshd | grep access
/usr/sbin/sshd: hosts_access
/usr/sbin/sshd: @(#)$OpenBSD: groupaccess.c,v 1.6 2003/04/08 20:21:28 itojun Exp $
/usr/sbin/sshd: userauth_hostbased: access allowed by auth_rhosts2
/usr/sbin/sshd: It is recommended that your private key files are NOT accessible by other

Also, make sure that you restart the services that use the configuration file changes.
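
The syntax problems raised in this thread (a missing final newline, an over-long line, a rule with no separator) can be checked before relying on the file. The script below is an added example, not part of the original thread: `lint_hosts_access`, `make_samples`, the `MAXLEN` default and the sample files are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint a TCP wrappers access file (hosts.allow / hosts.deny).
# MAXLEN is an assumption; libwrap's line buffer size depends on the build.
MAXLEN=${MAXLEN:-2047}

lint_hosts_access() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "$file: cannot read"; return 2; }
    # A final rule without a terminating newline is not read as a complete line.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo "$file: last line has no trailing newline"
        rc=1
    fi
    # Join backslash-continued lines, skip comments and blanks, then check
    # each rule for length and for the daemon_list:client_list separator.
    awk -v max="$MAXLEN" -v f="$file" '
        !cont { start = NR; buf = "" }
        /\\$/ { buf = buf substr($0, 1, length($0) - 1); cont = 1; next }
        {
            rule = buf $0; cont = 0
            if (rule ~ /^#/ || rule ~ /^[ \t\r]*$/) next
            if (length(rule) > max) { print f ":" start ": rule longer than " max " characters"; bad = 1 }
            if (index(rule, ":") == 0) { print f ":" start ": no \":\" between daemon list and client list"; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$file" || rc=1
    return $rc
}

# Constructed sample files (not from the thread); addresses are documentation ranges.
make_samples() {
    dir=$1
    printf 'sshd: 192.0.2.10, 192.0.2.11\n# workstations\nsshd: 198.51.100.0/255.255.255.0 \\\n      203.0.113.5\n' > "$dir/good"
    printf 'sshd: 192.0.2.10\nsshd 192.0.2.11\nALL: 203.0.113.5' > "$dir/bad"
}

tmp=$(mktemp -d)
make_samples "$tmp"
lint_hosts_access "$tmp/good" && echo "good: clean"
lint_hosts_access "$tmp/bad" || echo "bad: problems found"
```

A clean result only means the file parses as rules; whether sshd consults it still depends on the libwrap check shown above.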
