Bug #173

Strange sshd problem with 1.5.3-PREVIEW

Added by adamo over 8 years ago. Updated about 8 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
% Done: 0%

Description

Hi!

I upgraded two servers to 1.5.3-PREVIEW and noticed that although sshd is
compiled to use libwrap.so, it does not consult it (server name mangled):

XYZW# uname -a
DragonFly XYZW.tee.gr 1.5.3-PREVIEW DragonFly 1.5.3-PREVIEW #0: Fri Apr 28 16:46:54 EEST 2006 :/usr/obj/usr/src/sys/GENERIC i386

XYZW# ldd /usr/sbin/sshd
/usr/sbin/sshd:
libopie.so.3 => /usr/lib/libopie.so.3 (0x280a5000)
libmd.so.3 => /usr/lib/libmd.so.3 (0x280af000)
libcrypt.so.3 => /usr/lib/libcrypt.so.3 (0x280b9000)
libutil.so.4 => /usr/lib/libutil.so.4 (0x280d2000)
libz.so.3 => /usr/lib/libz.so.3 (0x280df000)
libwrap.so.4 => /usr/lib/libwrap.so.4 (0x280f0000)
libpam.so.3 => /usr/lib/libpam.so.3 (0x280f8000)
libssh.so.4 => /usr/lib/libssh.so.4 (0x280ff000)
libcrypto.so.4 => /usr/lib/libcrypto.so.4 (0x28136000)
libc.so.6 => /usr/lib/libc.so.6 (0x28284000)

XYZW# cat /etc/hosts.allow
ALL: 127.0.0.1 : ALLOW
ALL: ALL : DENY

However, ssh connections to XYZW are allowed and accepted.

TIA for any ideas or flames.
--
#include <std/disclaimer.h> /* Yiorgos Adamopoulos */

History

#1 Updated by skrueger over 8 years ago

Yiorgos Adamopoulos wrote:
> I upgraded two servers to 1.5.3-PREVIEW and noticed that although sshd is
> compiled to use libwrap.so, it does not consult it (server name mangled):

hm... NetBSD's libwrap has /etc/hosts.deny, so putting "ALL: ALL : DENY"
in /etc/hosts.deny could do the trick...

#2 Updated by adamo over 8 years ago

On 2006-05-15, Stefan Krüger <> wrote:
> hm... NetBSD's libwrap has /etc/hosts.deny, so putting "ALL: ALL : DENY"
> in /etc/hosts.deny could do the trick...

I am using it as described in hosts_options(5), i.e. using a single file
(/etc/hosts.allow). BTW, I tried splitting it to /etc/hosts.allow and
/etc/hosts.deny (as described in hosts_access(5)) but the result is the
same.

When I was using 1.5.0-PREVIEW it worked as expected; with 1.5.3-PREVIEW it
seems that libwrap is not consulted, although sshd is linked to it and
the makefiles seem to define -DLIBWRAP.
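
For reference, this is how the two rules quoted in the report are expected to evaluate when libwrap is consulted. It is an added example, not part of the original report or of DragonFly's code: a small Python model of first-match evaluation for the single-file hosts_options(5) style. It assumes IPv4 address patterns only; the function names and the 192.0.2.10 client are constructed.

```python
import ipaddress

# The single-file rules quoted in the report (hosts_options(5) style).
HOSTS_ALLOW = """\
ALL: 127.0.0.1 : ALLOW
ALL: ALL : DENY
"""

def client_matches(pattern, addr):
    """Match one client pattern against an IPv4 address (subset of hosts_access(5))."""
    if pattern.upper() == "ALL":
        return True
    if "/" in pattern:  # net/mask form, e.g. 192.0.2.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):  # address prefix, e.g. "192.0.2."
        return addr.startswith(pattern)
    return pattern == addr  # exact address

def evaluate(rules_text, daemon, addr):
    """Return (decision, rule); the first rule matching daemon and client wins."""
    for raw in rules_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed line: skipped in this model
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        options = [o.lower() for o in fields[2:]]
        if not any(d.upper() == "ALL" or d == daemon for d in daemons):
            continue
        if not any(client_matches(c, addr) for c in clients):
            continue
        return ("deny" if "deny" in options else "allow"), line
    return "allow", None  # no rule matched: access is granted by default

if __name__ == "__main__":
    for client in ("127.0.0.1", "192.0.2.10"):  # constructed client addresses
        print(client, evaluate(HOSTS_ALLOW, "sshd", client))
```

A non-loopback client falls through to the second rule and is denied, so an accepted remote connection with these rules in place indicates the rules are not being evaluated at all.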
