Bug #173
closed
Strange sshd problem with 1.5.3-PREVIEW
0%
Description
Hi!
I upgraded two servers to 1.5.3-PREVIEW and noticed that although sshd is
compiled to use libwrap.so, it does not consult it (server name mangled):
XYZW# uname -a
DragonFly XYZW.tee.gr 1.5.3-PREVIEW DragonFly 1.5.3-PREVIEW #0: Fri Apr 28 16:46:54 EEST 2006 root@XYZW.tee.gr:/usr/obj/usr/src/sys/GENERIC i386
XYZW# ldd /usr/sbin/sshd
/usr/sbin/sshd:
libopie.so.3 => /usr/lib/libopie.so.3 (0x280a5000)
libmd.so.3 => /usr/lib/libmd.so.3 (0x280af000)
libcrypt.so.3 => /usr/lib/libcrypt.so.3 (0x280b9000)
libutil.so.4 => /usr/lib/libutil.so.4 (0x280d2000)
libz.so.3 => /usr/lib/libz.so.3 (0x280df000)
libwrap.so.4 => /usr/lib/libwrap.so.4 (0x280f0000)
libpam.so.3 => /usr/lib/libpam.so.3 (0x280f8000)
libssh.so.4 => /usr/lib/libssh.so.4 (0x280ff000)
libcrypto.so.4 => /usr/lib/libcrypto.so.4 (0x28136000)
libc.so.6 => /usr/lib/libc.so.6 (0x28284000)
XYZW# cat /etc/hosts.allow
ALL: 127.0.0.1 : ALLOW
ALL: ALL : DENY
However, ssh connections to XYZW are allowed and accepted.
TIA for any ideas or flames.
--
#include <std/disclaimer.h> /* Yiorgos Adamopoulos */
Updated by skrueger over 18 years ago
Yiorgos Adamopoulos wrote:
I upgraded two servers to 1.5.3-PREVIEW and noticed that although sshd is
compiled to use libwrap.so, it does not consult it (server name mangled):
hm... NetBSD's libwrap has /etc/hosts.deny, so putting "ALL: ALL : DENY"
in /etc/hosts.deny could do the trick...
Updated by adamo over 18 years ago
On 2006-05-15, Stefan KrĪger <skrueger@meinberlikomm.de> wrote:
hm... NetBSD's libwrap has /etc/hosts.deny, so putting "ALL: ALL : DENY"
in /etc/hosts.deny could do the trick...
I am using it as described in hosts_options(5), ie. using a single file
(/etc/hosts.allow). BTW, I tried splitting it to /etc/hosts.allow and
/etc/hosts.deny (as described in hosts_access(5)) but the result is the
same.
When I was using 1.5.0-PREVIEW it worked as expected, with 1.5.3-PREVIEW it
seems that that libwrap is not consulted, although sshd is linked to it and
the makefiles seem to define -DLIBWRAP.