Old 05-02-2006, 09:42 AM   #1
LQ Newbie
Registered: Jun 2005
Posts: 3

Rep: Reputation: 0
/etc/hosts.deny/hosts.allow have no effect on sshd access


I am using a Redhat Linux box and recently configured the /etc/hosts.deny and /etc/hosts.allow to deny access to all machines except the few on our network.
The /etc/hosts.deny reads ALL: ALL
The /etc/hosts.allow has the list of machines which can access the machine.
I have successfully used the same files in the past on other machines.

I find that I am able to access the machine from hosts which are not on the hosts.allow list. I can't seem to figure out why this is happening.

I would appreciate it if somebody tells me what I could be doing wrong or if there is something that I have configured wrong.

Old 05-02-2006, 04:20 PM   #2
Registered: Jun 2004
Location: Cala city
Distribution: Suse 10.0; Debian 5.0 (Lenny) Fluxbox
Posts: 240

Rep: Reputation: 30
Please post the config files you are talking about so we can help, good luck!
Old 05-02-2006, 04:35 PM   #3
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Could you post the full contents of your hosts.allow file? The Redhat 9 ssh daemon should have support for libwrap by default, so using hosts.allow/deny should work as long as the syntax is correct.

Also, check /var/log/secure and /var/log/messages for any errors like "missing newline or line too long"
Old 05-04-2006, 11:25 AM   #4
LQ Newbie
Registered: Jun 2005
Posts: 3

Original Poster
Rep: Reputation: 0
Fixed the problem!

It seems to have been some problem with an address in my hosts.allow file. I rebuilt it and it worked ... no idea what the syntax problem was.

Thanks for the help
Old 05-04-2006, 08:06 PM   #5
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 671
One thing to check is that ssh is built with tcp_wrappers support.
# strings -f /usr/sbin/sshd | grep access
/usr/sbin/sshd: hosts_access
/usr/sbin/sshd: @(#)$OpenBSD: groupaccess.c,v 1.6 2003/04/08 20:21:28 itojun Exp $
/usr/sbin/sshd: userauth_hostbased: access allowed by auth_rhosts2
/usr/sbin/sshd: It is recommended that your private key files are NOT accessible by other

Also, make sure that you restart the services that use the configuration file changes.
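
An added example, not part of any post in this thread: a shell lint for hosts.allow / hosts.deny that flags the conditions behind the "missing newline or line too long" error mentioned in post #3, plus a rule that has no colon. The function name lint_hosts_access, the MAXLEN limit and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): lint a tcp_wrappers access file.
MAXLEN=${MAXLEN:-2047}   # assumed per-rule length limit; adjust to your libwrap build

lint_hosts_access() {
    file=$1
    # A last line with no newline is never seen as a complete rule.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo "$file: last line has no trailing newline"
    fi
    awk -v max="$MAXLEN" -v f="$file" '
        !cont { start = NR; buf = "" }
        {
            cont = sub(/\\$/, "")            # backslash-newline continues the rule
            buf = buf $0
            if (cont) next
            if (length(buf) > max)
                print f ":" start ": rule longer than " max " characters"
            if (buf ~ /^#/ || buf ~ /^[ \t\r]*$/) next   # comment or blank line
            if (buf !~ /:/)
                print f ":" start ": no colon between daemon list and client list"
        }' "$file"
}

# Constructed sample: line 2 lacks the colon, and the final line has no newline.
sample=$(mktemp)
printf '# constructed hosts.allow sample\nsshd 192.0.2.10\nsshd: 192.0.2.0/255.255.255.0 \\\n      198.51.100.7\nALL: 203.0.113.5' > "$sample"
lint_hosts_access "$sample"
rm -f "$sample"
```

Run it against the real files with `lint_hosts_access /etc/hosts.allow`; no output means none of these three problems was found.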

