05-02-2006, 10:42 AM
#1
LQ Newbie
Registered: Jun 2005
Posts: 3
/etc/hosts.deny/hosts.allow have no effect on sshd access
Hi
I am using a Redhat Linux box and recently configured the /etc/hosts.deny and /etc/hosts.allow to deny access to all machines except the few on our network.
The /etc/hosts.deny reads ALL: ALL
The /etc/hosts.allow has the list of machines which can access the machine.
I have successfully used the same files in the past on other machines.
I find that I am able to access the machine from hosts which are not on the hosts.allow list. I can't seem to figure out why this is happening.
I would appreciate it if somebody tells me what I could be doing wrong or if there is something that I have configured wrong.
Thanks
Brinda

05-02-2006, 05:20 PM
#2
Member
Registered: Jun 2004
Location: Cala city
Distribution: Suse 10.0; Debian 5.0 (Lenny) Fluxbox
Posts: 240
Please post the config files you are talking about so we can help, good luck!

05-02-2006, 05:35 PM
#3
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658
Could you post the full contents of your hosts.allow file? The Redhat 9 ssh daemon should have support for libwrap by default, so using hosts.allow/deny should work as long as the syntax is correct.
Also, check /var/log/secure and /var/log/messages for any errors like "missing newline or line too long".

05-04-2006, 12:25 PM
#4
LQ Newbie
Registered: Jun 2005
Posts: 3
Original Poster
Fixed the problem!
It seems to have been some problem with an address in my hosts.allow file. I rebuilt it and it worked ... no idea what the syntax problem was
Thanks for the help
Brinda

05-04-2006, 09:06 PM
#5
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
One thing to check is that ssh is built with TCP wrappers support.
example:
# strings -f /usr/sbin/sshd | grep access
/usr/sbin/sshd: hosts_access
/usr/sbin/sshd: @(#)$OpenBSD: groupaccess.c,v 1.6 2003/04/08 20:21:28 itojun Exp $
/usr/sbin/sshd: userauth_hostbased: access allowed by auth_rhosts2
/usr/sbin/sshd: It is recommended that your private key files are NOT accessible by other
Also, make sure that you restart the services that use the configuration file changes.
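
Added example, not part of the original thread or any poster's code: a small Python linter for hosts.allow/hosts.deny content that flags the conditions raised in replies #3 and #4 (a missing final newline, an over-long rule, a rule with no `:` separator, an IPv4 octet above 255). The 2048-byte limit, the function names and the sample file are assumptions constructed for illustration; bracketed IPv6 patterns are not handled.

```python
import re

MAX_LINE = 2048  # assumed libwrap line buffer size; adjust for your build
IPV4ISH = re.compile(r"^\d+(\.\d+){0,3}\.?$")  # full or trailing-dot prefix form

def check_rule(rule):
    """Check one logical rule: 'daemon_list : client_list [: option]'."""
    fields = [f.strip() for f in rule.split(":", 2)]
    if len(fields) < 2:
        return ["no ':' between daemon list and client list"]
    if not fields[0] or not fields[1]:
        return ["empty daemon list or client list"]
    msgs = []
    for tok in re.split(r"[\s,]+", fields[1]):
        host = tok.rsplit("@", 1)[-1]      # user@host: check the host part
        for part in host.split("/"):       # net/mask: check both halves
            if IPV4ISH.match(part) and any(
                    int(o) > 255 for o in part.strip(".").split(".")):
                msgs.append(f"octet out of range in {tok!r}")
    return msgs

def lint_hosts_access(data, max_line=MAX_LINE):
    """Return sorted (line_number, message) findings for file content (bytes)."""
    findings = []
    if data and not data.endswith(b"\n"):
        findings.append((data.count(b"\n") + 1, "last line has no terminating newline"))
    lines = data.decode("latin-1").split("\n")
    if lines[-1] == "":
        lines.pop()                        # artifact of the final newline
    buf, start = "", 0
    for n, raw in enumerate(lines, 1):
        if not buf:
            start = n
        if raw.endswith("\\"):             # backslash-newline continues the rule
            buf += raw[:-1]
            continue
        rule, buf = (buf + raw).strip(), ""
        if len(rule) >= max_line:
            findings.append((start, "rule longer than the assumed line buffer"))
        if rule and not rule.startswith("#"):
            findings += [(start, m) for m in check_rule(rule)]
    return sorted(findings)

# Constructed sample, not the original poster's file.
SAMPLE = (b"# allow the office network\nsshd: 192.168.1. , .example.com\n"
          b"sshd 10.0.0.5\nsshd: 10.0.0.256\n"
          b"ALL: 172.16.0.0/255.255.0.0 \\\n     EXCEPT 172.16.9.9\nsshd: 10.1.1.1")

if __name__ == "__main__":
    for n, msg in lint_hosts_access(SAMPLE):
        print(f"line {n}: {msg}")
```

A clean result here only means the file passes these four checks; the log messages in /var/log/secure remain the authoritative signal.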
All times are GMT -5. The time now is 10:39 PM.