Bug#283703: ssh: yes it needs newer libwrap
Package: ssh
Version: 1:3.8.1p1-8.sarge.4
Followup-For: Bug #283703
hi
I was bitten by this bug. Here is what I found.
I have a very strict /etc/hosts.deny, and an /etc/hosts.allow
with many lines such as the following:
sshd : 192.167.206.
After an upgrade to sarge, sshd stopped working.
Here are a few tests I did (using 192.167.206.156 as the client)
--------------------- first test (server side)
# sshd -ddd
debug2: read_server_config: filename /etc/ssh/sshd_config
debug1: sshd version OpenSSH_3.8.1p1 Debian-8.sarge.4
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
debug1: Connection refused by tcp wrapper
---------------------
then I tried to add
sshd : ALL
to /etc/hosts.allow and it was working fine, as follows
-----------------------
# sshd -ddd
debug2: read_server_config: filename /etc/ssh/sshd_config
debug1: sshd version OpenSSH_3.8.1p1 Debian-8.sarge.4
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from ::ffff:192.167.206.156 port 51892
debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.8.1p1 Debian-8.sarge.4
.......all goes fine..........
-----------------------------------
then I tried with the line
sshd : 192.167.206.156
and again it was OK; the line
sshd : 192.167.206.
was always constantly a NO-GO
-----------------------------
then I upgraded libwrap, as follows
# apt-get install libwrap0
The following packages will be upgraded:
libwrap0
Preparing to replace libwrap0 7.6-9 (using .../libwrap0_7.6.dbs-8_i386.deb) ...
Unpacking replacement libwrap0 ...
Setting up libwrap0 (7.6.dbs-8) ...
-----------------------
now the line
sshd : 192.167.206.
works fine
-----------------------
a.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages ssh depends on:
ii adduser 3.63 Add and remove users and groups
ii debconf 1.4.30.11 Debian configuration management sy
ii dpkg 1.10.27 Package maintenance system for Deb
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libpam-modules 0.72-35 Pluggable Authentication Modules f
ii libpam-runtime 0.76-22 Runtime support for the PAM librar
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libssl0.9.7 0.9.7c-5 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii zlib1g 1:1.2.2-3 compression library - runtime
-- debconf information:
ssh/insecure_rshd:
ssh/privsep_ask: true
* ssh/user_environment_tell:
* ssh/forward_warning:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/SUID_client: false
ssh/disable_cr_auth: false
* ssh/privsep_tell:
ssh/ssh2_keys_merged:
* ssh/protocol2_only: true
ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true
--
Andrea Mennucc
"Ukn ow,Ifina llyfixe dmysp acebar.ohwh atthef"
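
An added reference model (not part of the original report, and not libwrap's code) of the hosts_access(5) rules exercised in the tests above: ALL, an exact address, and a trailing-dot prefix. It shows the result each rule is documented to give for the client in the logs, which is useful as a post-upgrade check list; the `ALL : ALL` deny file and the unwrapping of the `::ffff:` form are assumptions of this example, not statements about either libwrap version.

```python
import ipaddress

def normalize(client):
    """Dotted-quad text for IPv4 and IPv4-mapped IPv6 clients (example's choice)."""
    ip = ipaddress.ip_address(client)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return str(ip)

def pattern_matches(pattern, addr):
    """Client patterns modelled here: ALL, 'a.b.c.' prefix, exact address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        # The trailing dot keeps the match on a field boundary:
        # '192.167.20.' must not match '192.167.206.156'.
        return addr.startswith(pattern)
    return pattern == addr

def rule_matches(line, daemon, addr):
    """Match one 'daemon_list : client_list' line; IPv6 patterns are not modelled."""
    parts = [p.strip() for p in line.split("#", 1)[0].split(":", 2)]
    if len(parts) < 2 or not parts[0]:
        return False
    daemons = parts[0].replace(",", " ").split()
    clients = parts[1].replace(",", " ").split()
    return (any(d in ("ALL", daemon) for d in daemons)
            and any(pattern_matches(c, addr) for c in clients))

def access_granted(allow_lines, deny_lines, daemon, client):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    addr = normalize(client)
    if any(rule_matches(l, daemon, addr) for l in allow_lines):
        return True
    if any(rule_matches(l, daemon, addr) for l in deny_lines):
        return False
    return True

# Constructed sample data: the deny file is assumed, the allow rules and the
# client address are the ones quoted in the report.
DENY = ["ALL : ALL"]
CLIENT = "::ffff:192.167.206.156"

if __name__ == "__main__":
    for rule in ("sshd : 192.167.206.", "sshd : 192.167.206.156", "sshd : ALL"):
        verdict = "allow" if access_granted([rule], DENY, "sshd", CLIENT) else "deny"
        print(f"{rule:<26} -> {verdict}")
```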