ssh problems...
Paul Civati
paul at xciv.org
Sun Sep 22 15:46:12 BST 2002
"Andrew Hodgson" <andrew.hodgson at blueyonder.co.uk> wrote:

> As far as I can see - it's recorded in /var/log/authlog.

I expect this is probably a tcp wrappers issue in that case.

> Yeah, my hosts.allow file is set thusly:
>
> ALL : localhost 127.0.0.1 : allow
> sshd : 192.168.1.0/255.255.0.0 : allow
> ALL : ALL : deny
>
> How does this look to you? I'm on the verge of using telnet!!

I'm not quite sure how well this mixed allow/deny config all
in hosts.allow will work.

I've always used an "ALL: ALL" in my hosts.deny and then put a
simple "ALL: 192.168.1.0/255.255.0.0" in my hosts.allow file.

tcpdchk(8) will check your ACL rules, and you can test a specific
case using tcpdmatch(8):

*---------------------------------------------------------------------------
| % tcpdmatch sshd 192.168.1.1
| warning: sshd: no such process name in /etc/inetd.conf
| client: address 192.168.1.1
| server: process sshd
| matched: /etc/hosts.deny line 5
| option: rfc931
| option: severity local7.info
| access: denied
*---------------------------------------------------------------------------
*---------------------------------------------------------------------------
| % tcpdmatch sshd 172.27.5.73
| warning: sshd: no such process name in /etc/inetd.conf
| client: address 172.27.5.73
| server: process sshd
| matched: /etc/hosts.allow line 5
| option: rfc931
| option: severity local7.info
| access: granted
*---------------------------------------------------------------------------
-Paul-
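
Added example, not part of the original message: a Python sketch of the hosts_access(5) net/mask test (a client matches when its address ANDed with the mask equals the net), applied first-match-wins to the rules quoted above. It handles only ALL, literal IPv4 addresses and net/mask patterns (host names such as localhost are not resolved), and the NARROWED rule set is a constructed variant for comparison.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def client_matches(pattern, addr):
    """Match one client pattern against an IPv4 address (subset of hosts_access(5))."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        # net/mask: matches only if (address AND mask) == net
        net, mask = pattern.split("/")
        return (_ip(addr) & _ip(mask)) == _ip(net)
    try:
        return _ip(pattern) == _ip(addr)
    except ipaddress.AddressValueError:
        return False  # host names are not resolved in this sketch

def evaluate(rules, daemon, addr):
    """First matching rule wins; returns (verdict, line number)."""
    for lineno, line in enumerate(rules.strip().splitlines(), 1):
        daemons, clients, verdict = [f.strip() for f in line.split(":")]
        if not {"ALL", daemon} & set(daemons.split()):
            continue
        if any(client_matches(p, addr) for p in clients.split()):
            return verdict, lineno
    return "no match", None

# Rules as quoted in the message
POSTED = """
ALL : localhost 127.0.0.1 : allow
sshd : 192.168.1.0/255.255.0.0 : allow
ALL : ALL : deny
"""
# Constructed variant: mask narrowed so the net has no bits outside it
NARROWED = POSTED.replace("255.255.0.0", "255.255.255.0")

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("narrowed", NARROWED)):
        print(name, evaluate(rules, "sshd", "192.168.1.1"))
```

With the rules as quoted, 192.168.1.1 falls through to line 3, because 192.168.1.1 AND 255.255.0.0 is 192.168.0.0, which is not equal to 192.168.1.0.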