Strange sshd problem with 1.5.3-PREVIEW
I upgraded two servers to 1.5.3-PREVIEW and noticed that although sshd is
compiled to use libwrap.so, it does not consult it (server name mangled):
XYZW# uname -a
DragonFly XYZW.tee.gr 1.5.3-PREVIEW DragonFly 1.5.3-PREVIEW #0: Fri Apr 28 16:46:54 EEST 2006 root@XYZW.tee.gr:/usr/obj/usr/src/sys/GENERIC i386
XYZW# ldd /usr/sbin/sshd
libopie.so.3 => /usr/lib/libopie.so.3 (0x280a5000)
libmd.so.3 => /usr/lib/libmd.so.3 (0x280af000)
libcrypt.so.3 => /usr/lib/libcrypt.so.3 (0x280b9000)
libutil.so.4 => /usr/lib/libutil.so.4 (0x280d2000)
libz.so.3 => /usr/lib/libz.so.3 (0x280df000)
libwrap.so.4 => /usr/lib/libwrap.so.4 (0x280f0000)
libpam.so.3 => /usr/lib/libpam.so.3 (0x280f8000)
libssh.so.4 => /usr/lib/libssh.so.4 (0x280ff000)
libcrypto.so.4 => /usr/lib/libcrypto.so.4 (0x28136000)
libc.so.6 => /usr/lib/libc.so.6 (0x28284000)
XYZW# cat /etc/hosts.allow
ALL: 127.0.0.1 : ALLOW
ALL: ALL : DENY
However, ssh connections to XYZW are allowed and accepted.
TIA for any ideas or flames.
#include <std/disclaimer.h> /* Yiorgos Adamopoulos */
#1 Updated by skrueger over 9 years ago
Yiorgos Adamopoulos wrote:
> I upgraded two servers to 1.5.3-PREVIEW and noticed that although sshd is
> compiled to use libwrap.so, it does not consult it (server name mangled):
hm... NetBSD's libwrap has /etc/hosts.deny, so putting "ALL: ALL : DENY"
in /etc/hosts.deny could do the trick...
#2 Updated by adamo over 9 years ago
On 2006-05-15, Stefan Krόger <email@example.com> wrote:
> hm... NetBSD's libwrap has /etc/hosts.deny, so putting "ALL: ALL : DENY"
> in /etc/hosts.deny could do the trick...
I am using it as described in hosts_options(5), ie. using a single file
(/etc/hosts.allow). BTW, I tried splitting it to /etc/hosts.allow and
/etc/hosts.deny (as described in hosts_access(5)) but the result is the
When I was using 1.5.0-PREVIEW it worked as expected, with 1.5.3-PREVIEW it
seems that that libwrap is not consulted, although sshd is linked to it and
the makefiles seem to define -DLIBWRAP.