sshd deny on /etc/hosts.deny
I have a new server setup that doesn't work with /etc/hosts.deny
I'm trying to deny sshd on this server so that I can allow only specific IPs to log in via settings in /etc/hosts.allow
[~]# cat /etc/hosts.deny
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
sshd : ALL
What should I do to troubleshoot this issue?
Add the IP to be given ssh access in /etc/hosts.allow as given below
To deny any other ssh access except from the ones listed in /etc/hosts.allow, back up and modify the /etc/hosts.deny file
Save and exit.
Yes, that's what I did, and it didn't work. The server does not deny all ssh requests. I can still open ssh from anywhere. How do I solve this problem?
Not sure if the space would cause any issues, as you posted
Make sure it's just
Other than that, make sure sshd is compiled with libwrap support
# ldd /usr/sbin/sshd
You should see in the output
libwrap.so.0 => /lib/libwrap.so.0
Was ssh compiled on your box? Make sure that /lib/libwrap.so.0 exists.
Oh no, I didn't see it
[email protected] [~]# ldd /usr/sbin/sshd
linux-gate.so.1 => (0x001ef000)
libpam.so.0 => /lib/libpam.so.0 (0x00317000)
libdl.so.2 => /lib/libdl.so.2 (0x00a73000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00c2a000)
libcrypto.so.6 => /lib/libcrypto.so.6 (0x00c85000)
libutil.so.1 => /lib/libutil.so.1 (0x00880000)
libz.so.1 => /usr/lib/libz.so.1 (0x00abb000)
libnsl.so.1 => /lib/libnsl.so.1 (0x00b3d000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x00b56000)
libc.so.6 => /lib/libc.so.6 (0x0092d000)
libaudit.so.0 => /lib/libaudit.so.0 (0x002f6000)
How do I compile them with libwrap?
You would need to install the libwrap headers etc. first, probably libwrap-devel on CentOS (it's libwrap0-dev on Debian/Ubuntu), then recompile ssh again with the ./configure option included
./configure --help for a full list.
I am using CentOS 5. How do I recompile ssh with libwrap?
I would suggest you restart the network and sshd services once and then test.
Usually tcpwrappers is not the way to go for what you are trying to do.
Anyhow, you don't need to use both hosts.allow & hosts.deny.
tcpwrappers allows nesting of rules;
you can put inside your hosts.deny a line that will look like this:
sshd: ALL EXCEPT 192.168.0.1
for example ^
iptables is the proper way to go.
The problem now is I can't get hosts.deny / hosts.allow to work.
I need some guidance on how I can recompile ssh with libwrap on CentOS 5.
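Added example, not part of the thread and not code from any poster: a simplified Python model of the hosts_access(5) decision order, showing why the "sshd : ALL" rule has no effect when the ldd listing lacks libwrap and how the "ALL EXCEPT" form evaluates once it is linked. It handles only ALL, literal IPv4 addresses, trailing-dot prefixes and a single EXCEPT; the function names, the shortened ldd text and the address 203.0.113.7 are constructed for the example.

```python
"""Simplified model of the hosts_access(5) decision for one daemon (added example).
Handles only ALL, literal IPv4 addresses, trailing-dot prefixes and one EXCEPT."""

# Constructed samples assembled from lines quoted in the thread.
LDD_NO_WRAP = ("libpam.so.0 => /lib/libpam.so.0 (0x00317000)\n"
               "libc.so.6 => /lib/libc.so.6 (0x0092d000)")
LDD_WRAP = LDD_NO_WRAP + "\nlibwrap.so.0 => /lib/libwrap.so.0"

def linked_with_libwrap(ldd_output):
    """A standalone sshd consults the files only when linked against libwrap."""
    return "libwrap.so" in ldd_output

def _in_list(value, patterns):
    for pat in patterns:
        if pat == "ALL" or pat == value:
            return True
        if pat.endswith(".") and value.startswith(pat):  # prefix such as "192.168."
            return True
    return False

def _matches(value, field):
    """list_1 EXCEPT list_2 matches list_1 unless the value also matches list_2."""
    tokens = field.replace(",", " ").split()
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return _in_list(value, tokens[:i]) and not _in_list(value, tokens[i + 1:])
    return _in_list(value, tokens)

def _file_matches(text, daemon, client):
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("#") or ":" not in line:
            continue  # comment, blank line, or not a rule
        daemons, clients = line.split(":")[:2]
        if _matches(daemon, daemons) and _matches(client, clients):
            return True
    return False

def access(ldd_output, allow_text, deny_text, client, daemon="sshd"):
    """Order: hosts.allow match grants, else hosts.deny match denies, else grant."""
    if not linked_with_libwrap(ldd_output):
        return "allow (files ignored: no libwrap)"
    if _file_matches(allow_text, daemon, client):
        return "allow (hosts.allow)"
    if _file_matches(deny_text, daemon, client):
        return "deny (hosts.deny)"
    return "allow (no match)"

if __name__ == "__main__":
    for ldd in (LDD_NO_WRAP, LDD_WRAP):
        print(access(ldd, "sshd : 192.168.0.1", "sshd : ALL", "203.0.113.7"))
```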