ssh problems...

Paul Civati paul at xciv.org
Sun Sep 22 15:46:12 BST 2002


"Andrew Hodgson" <andrew.hodgson at blueyonder.co.uk> wrote:

> As far as I can see - it's recorded in /var/log/authlog.

I expect this is probably a tcp wrappers issue in that case.

> Yeah, my hosts.allow file is set thusly:
> 
> ALL : localhost 127.0.0.1 : allow
> sshd : 192.168.1.0/255.255.0.0 : allow
> ALL : ALL : deny
> 
> How does this look to you? I'm on the verge of using telnet!!

I'm not quite sure how well this mixed allow/deny config all
in hosts.allow will work.

I've always used an "ALL: ALL" in my hosts.deny and then put a
simple "ALL: 192.168.1.0/255.255.0.0" in my hosts.allow file.

tcpdchk(8) will check your ACL rules, and you can test a specific
case using tcpdmatch(8):

*---------------------------------------------------------------------------
| % tcpdmatch sshd 192.168.1.1
| warning: sshd: no such process name in /etc/inetd.conf
| client:   address  192.168.1.1
| server:   process  sshd
| matched:  /etc/hosts.deny line 5
| option:   rfc931 
| option:   severity local7.info
| access:   denied
*---------------------------------------------------------------------------

*---------------------------------------------------------------------------
| % tcpdmatch sshd 172.27.5.73   
| warning: sshd: no such process name in /etc/inetd.conf
| client:   address  172.27.5.73
| server:   process  sshd
| matched:  /etc/hosts.allow line 5
| option:   rfc931 
| option:   severity local7.info
| access:   granted
*---------------------------------------------------------------------------

-Paul-
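
An added example, not part of the original message and not code from TCP wrappers: a Python sketch of the hosts_access(5) net/mask test and first-match rule evaluation, run over the three hosts.allow lines quoted above. The function names and the two variant rule sets are constructed for illustration; hostname lookups, IPv6 and the other wildcards are assumed out of scope.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def masked_match(pattern, client):
    """hosts_access(5) net/mask rule: match iff (client AND mask) == net.
    The net part is compared as written, never masked first."""
    net, mask = pattern.split("/")
    return (_ip(client) & _ip(mask)) == _ip(net)

def host_match(pattern, client):
    if pattern == "ALL":
        return True
    if "/" in pattern:
        return masked_match(pattern, client)
    return pattern == client  # literal address only; names are not resolved here

def evaluate(rules, daemon, client):
    """Return (line number, option) of the first matching rule."""
    for number, line in enumerate(rules, 1):
        daemons, clients, option = (field.strip() for field in line.split(":"))
        if not any(d in ("ALL", daemon) for d in daemons.split()):
            continue
        if any(host_match(p, client) for p in clients.split()):
            return number, option
    return None, "allow"  # nothing matched: access is granted by default

# The hosts.allow lines quoted in the message above.
QUOTED = [
    "ALL : localhost 127.0.0.1 : allow",
    "sshd : 192.168.1.0/255.255.0.0 : allow",
    "ALL : ALL : deny",
]
# Constructed variants: net and mask agree (a /24 and a /16).
AS_24 = [QUOTED[0], "sshd : 192.168.1.0/255.255.255.0 : allow", QUOTED[2]]
AS_16 = [QUOTED[0], "sshd : 192.168.0.0/255.255.0.0 : allow", QUOTED[2]]

if __name__ == "__main__":
    for name, rules in (("quoted", QUOTED), ("/24", AS_24), ("/16", AS_16)):
        print(name, evaluate(rules, "sshd", "192.168.1.1"))
```

With the quoted rules, 192.168.1.1 falls through to line 3, because 192.168.1.1 AND 255.255.0.0 is 192.168.0.0, which is not equal to 192.168.1.0.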




