LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
Reload this Page [SOLVED] 14.1: Compilling openSSH with tcp_wrappers enabled.
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 07-21-2014, 10:08 AM   #1
rshepard
Member
 
Registered: Oct 2007
Location: Troutdale, Oregon
Distribution: Slackware
Posts: 435

Rep: Reputation: 28
14.1: Compilling openSSH with tcp_wrappers enabled.

I want to install, configure, and run DenyHosts on my server and it requires openSSH to be compiled with tcp_wrappers enabled. I have always thought this was the case on Slackware. But, running the test on the DenyHosts Web site (edit /etc/ssh/hosts.deny and add sshd 127.0.0.1, then try to login via ssh localhost. I was asked for my password and allowed in.

My server is also my main workstation. Does this explain the results I observed?

Rich
 
Old 07-21-2014, 11:48 AM   #2
ml4711
Member
 
Registered: Aug 2012
Location: Ryomgård, Danmark
Distribution: Slackware64
Posts: 146

Rep: Reputation: 103Reputation: 103
14.1 is compiled with tcp_wrappers enabled!

from TCP Wrappers Reference Guide:
  • Because access rules in hosts.allow are applied first, they take precedence over rules specified in hosts.deny. Therefore, if access to a service is allowed in hosts.allow, a rule denying access to that same service in hosts.deny is ignored.
  • The rules in each file are read from the top down and the first matching rule for a given service is the only one applied. Therefore the order of the rules is extremely important.
  • If no rules for the service are found in either file, or if neither file exists, access to the service is granted.

So if You have in hosts.allow

Code:
ALL: ALL
You are allowed in even if you have the service in hosts.deny

Quote:
edit /etc/ssh/hosts.deny and add sshd 127.0.0.1,
then try to login via ssh localhost. I was asked for my password and allowed in.
Syntax - Rember ":" after service name.

For example

Code:
sshd: 127.0.0.1 192.168.1. 192.168.2. 192.168.3. 10.8.0. [2002:50a6:9862:5678::]/64
It works perfectly in slackware 14.1
 
1 members found this post helpful.
Old 07-22-2014, 08:23 AM   #3
rshepard
Member
 
Registered: Oct 2007
Location: Troutdale, Oregon
Distribution: Slackware
Posts: 435

Original Poster
Rep: Reputation: 28
Thanks for clarifying. I've not looked at the tcp_wrappers docs for a long time. I'll fix hosts.allow to allow hosts.deny to work properly.

Rich
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
tcp_wrappers with dyndns hostnames? MheAd Linux - Security 4 04-28-2009 06:59 PM
Tcp_Wrappers XaViaR Linux - Security 1 05-18-2005 09:00 AM
tcp_wrappers daemon list? anand_kt Linux - Networking 2 04-12-2005 05:08 AM
ethics privacy and tcp_wrappers 98steve600 Linux - General 1 03-28-2005 04:03 AM
ethics, privacy, and tcp_wrappers 98steve600 Linux - Security 1 01-13-2001 09:37 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 01:37 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration