Old 07-21-2014, 11:08 AM   #1
rshepard
14.1: Compiling openSSH with tcp_wrappers enabled.


I want to install, configure, and run DenyHosts on my server, and it requires openSSH to be compiled with tcp_wrappers enabled. I have always thought this was the case on Slackware. But when I ran the test on the DenyHosts Web site (edit /etc/ssh/hosts.deny and add sshd 127.0.0.1, then try to log in via ssh localhost), I was asked for my password and allowed in.

My server is also my main workstation. Does this explain the results I observed?

Rich
 
Old 07-21-2014, 12:48 PM   #2
ml4711
14.1 is compiled with tcp_wrappers enabled!

From the TCP Wrappers Reference Guide:
  • Because access rules in hosts.allow are applied first, they take precedence over rules specified in hosts.deny. Therefore, if access to a service is allowed in hosts.allow, a rule denying access to that same service in hosts.deny is ignored.
  • The rules in each file are read from the top down and the first matching rule for a given service is the only one applied. Therefore the order of the rules is extremely important.
  • If no rules for the service are found in either file, or if neither file exists, access to the service is granted.

So if you have in hosts.allow

Code:
ALL: ALL

you are allowed in even if you have the service in hosts.deny.

Quote:
edit /etc/ssh/hosts.deny and add sshd 127.0.0.1,
then try to login via ssh localhost. I was asked for my password and allowed in.
Syntax - Remember ":" after service name.

For example

Code:
sshd: 127.0.0.1 192.168.1. 192.168.2. 192.168.3. 10.8.0. [2002:50a6:9862:5678::]/64

It works perfectly in Slackware 14.1.
 
1 members found this post helpful.
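
The evaluation order quoted in the answer above, as an added example that is not part of the original thread and is not the tcp_wrappers code: a simplified Python model of the decision (hosts.allow first, then hosts.deny, first match per file, otherwise granted). It assumes clients are given as IP addresses, supports only the pattern forms shown in this thread (`ALL`, exact address, trailing-dot prefix, bracketed IPv6 network), and treats a line with no ":" as matching nothing; the function names are hypothetical.

```python
import ipaddress

def parse_rules(text):
    """Parse 'daemon_list: client_list' lines; returns [(line, daemons, clients)]."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            continue  # no ':' after the daemon list, so this sketch ignores the line
        daemons, clients = line.split(":", 1)
        rules.append((line, daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("["):  # [ipv6-net]/prefixlen
        net = ipaddress.ip_network(pattern[1:].replace("]", ""), strict=False)
        ip = ipaddress.ip_address(addr)
        return ip.version == 6 and ip in net
    if pattern.endswith("."):  # leading-octets prefix such as 192.168.1.
        return addr.startswith(pattern)
    return pattern == addr

def first_match(rules, daemon, addr):
    """Return the first rule line matching daemon and client address, else None."""
    for line, daemons, clients in rules:
        if ("ALL" in daemons or daemon in daemons) and \
                any(client_matches(p, addr) for p in clients):
            return line
    return None

def decide(allow_text, deny_text, daemon, addr):
    """hosts.allow is consulted first, then hosts.deny, otherwise access is granted."""
    hit = first_match(parse_rules(allow_text), daemon, addr)
    if hit:
        return ("granted", "hosts.allow: " + hit)
    hit = first_match(parse_rules(deny_text), daemon, addr)
    if hit:
        return ("denied", "hosts.deny: " + hit)
    return ("granted", "no matching rule")

# Constructed inputs built from the lines quoted in this thread.
DENY_OK = "sshd: 127.0.0.1 192.168.1. 192.168.2. 192.168.3. 10.8.0. [2002:50a6:9862:5678::]/64"
if __name__ == "__main__":
    print(decide("ALL: ALL", DENY_OK, "sshd", "127.0.0.1"))
    print(decide("", DENY_OK, "sshd", "127.0.0.1"))
    print(decide("", "sshd 127.0.0.1", "sshd", "127.0.0.1"))
```

The three printed cases are: a deny rule overridden by `ALL: ALL` in hosts.allow, the same deny rule taking effect once hosts.allow is empty, and a deny line without the ":" separator that never matches.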
Old 07-22-2014, 09:23 AM   #3
rshepard
Thanks for clarifying. I've not looked at the tcp_wrappers docs for a long time. I'll fix hosts.allow to allow hosts.deny to work properly.

Rich
 
All times are GMT -5.