All --

I just now finished installing an Alma 9 Appliance for a Customer.

Just a few minutes after we booted we discovered that we were being clobbered by script kiddies trying to ssh into the Box from 'all over'

I had already installed 'the usual' /etc/hosts.allow file so I was surprised to say the least and it was a scramble to set up an IP Addr white-list via a remote ssh login without locking myself out.

I found out after a little research that libwrap has been depricated as of openssh version 6.7

see: Fedora Project > Changes/Deprecate TCP wrappers

IMO, tcpwrappers might be old but it certainly provided a simple and safe way to keep the script kiddies at bay without locking myself out of a remote machine.

I also see that libwrap is no longer linked to openssh-9.2p1 in Slackware 15.0

Does anyone know of a good online discussion on why libwrap is no longer linked to openssh ?

What's wrong with tcpwrappers ?

Thanks

-- kjh

A thread in this forum a few years back

1 members found this post helpful.

libwrap is still linked to openssh. Look at openssh.SlackBuild and openssh.tcp_wrappers.diff.gz. Or look at the binary:

1 members found this post helpful.

Petri Kaukasoina --

Yes, but I based my conclusion on this as suggested in one of the .docs I found:
Thanks !

-- kjh

p.s. after reading the posts in allend's link I see that libwrap is provided as /usr/lib64/libwrap.a and as you said, it IS statically linked in /usr/sbin/sshd ( whew ! I love my /etc/hosts.allow files )

Thanks allend !

I now see that tcp_wrappers-7.6-x86_64-6 on Slackware64 15.0 provides only a static library ( usr/lib64/libwrap.a )

That explains why ldd finds no references to libwrap.

I've got some reading to do either way

-- kjh

p.s. I REALLY appreciate Pat's decision to keep tcp_wrappers alive in Slackware !

2 members found this post helpful.