lou.kamenov at aeye.net
Mon Sep 23 12:37:17 BST 2002
On Sat, 21 Sep 2002 16:16:55 +0100
"Andrew Hodgson" <andrew.hodgson at blueyonder.co.uk> wrote:
> > I expect this is probably a tcp wrappers issue in that case.
> Paul, you were right - after using tcpdmatch (great utility!) on sshd and
> inetd, my hosts.deny file (set up like yours) was blocking the connection.
Sorry for the late response, but I think it's unwise to use tcp wrappers with sshd; it has a good enough wrapper itself (plus priv separation). However, if you want to permit it only on the internal network, simply run it on the internal iface on the bsd box.
Although this is a firewall box, I suggest you stop inetd.
IPF is awesome (good choice)! :)
> I've commented the single rule out, and I now have a telnet connection (ssh
> isn't exchanging keys right but I can sort that out later).
> Now at least I can unplug this old monitor and tweak the box remotely.
> I suppose the kernel reads the hosts.deny file BEFORE the hosts.allow file?
> ------ FreeBSD UK Users' Group - Mailing List ------