
Bug#283703: ssh: yes it needs newer libwrap



Can you close this bug?

It looks to me that this was an issue with a broken libwrap. Correct?

Christoph

A Mennucc wrote:
> Package: ssh
> Version: 1:3.8.1p1-8.sarge.4
> Followup-For: Bug #283703
>
> hi
>
> I was bitten by this bug. Here is what I found.
>
> I have a very strict /etc/hosts.deny, and an /etc/hosts.allow
> with many lines such as follows :
> sshd : 192.167.206.
>
> After an upgrade to sarge, sshd stopped working.
>
> Here are a few tests I did (using 192.167.206.156 as the client)
>
>
> --------------------- first test (server side)
> # sshd -ddd
> debug2: read_server_config: filename /etc/ssh/sshd_config
> debug1: sshd version OpenSSH_3.8.1p1 Debian-8.sarge.4
> debug1: private host key: #0 type 0 RSA1
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: Bind to port 22 on ::.
> Server listening on :: port 22.
> debug1: Bind to port 22 on 0.0.0.0.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> debug1: Connection refused by tcp wrapper
> ---------------------
>
> then I tried to add
> sshd : ALL
> to /etc/hosts.allow and it was working fine, as follows
>
> -----------------------
> # sshd -ddd
> debug2: read_server_config: filename /etc/ssh/sshd_config
> debug1: sshd version OpenSSH_3.8.1p1 Debian-8.sarge.4
> debug1: private host key: #0 type 0 RSA1
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: Bind to port 22 on ::.
> Server listening on :: port 22.
> debug1: Bind to port 22 on 0.0.0.0.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> Connection from ::ffff:192.167.206.156 port 51892
> debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
> debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-1.99-OpenSSH_3.8.1p1 Debian-8.sarge.4
> .......all goes fine..........
> -----------------------------------
>
> then I tried with the line
>   sshd : 192.167.206.156
> and again it was OK; the line
>  sshd : 192.167.206.
> was always constantly a NO-GO
>
> -----------------------------
> then I upgraded libwrap, as follows
> # apt-get install libwrap0
> The following packages will be upgraded:
>   libwrap0
> Preparing to replace libwrap0 7.6-9 (using .../libwrap0_7.6.dbs-8_i386.deb) ...
> Unpacking replacement libwrap0 ...
> Setting up libwrap0 (7.6.dbs-8) ...
> -----------------------
>
> now the line
>  sshd : 192.167.206.
> works fine
>
> -----------------------
>
> a.
>
> -- System Information:
> Debian Release: 3.1
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: i386 (i686)
> Kernel: Linux 2.6.8-2-k7
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
>
> Versions of packages ssh depends on:
> ii  adduser                     3.63         Add and remove users and groups
> ii  debconf                     1.4.30.11    Debian configuration management sy
> ii  dpkg                        1.10.27      Package maintenance system for Deb
> ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an
> ii  libpam-modules              0.72-35      Pluggable Authentication Modules f
> ii  libpam-runtime              0.76-22      Runtime support for the PAM librar
> ii  libpam0g                    0.76-22      Pluggable Authentication Modules l
> ii  libssl0.9.7                 0.9.7c-5     SSL shared libraries
> ii  libwrap0                    7.6.dbs-8    Wietse Venema's TCP wrappers libra
> ii  zlib1g                      1:1.2.2-3    compression library - runtime
>
> -- debconf information:
>   ssh/insecure_rshd:
>   ssh/privsep_ask: true
> * ssh/user_environment_tell:
> * ssh/forward_warning:
>   ssh/insecure_telnetd:
>   ssh/new_config: true
> * ssh/use_old_init_script: true
> * ssh/SUID_client: false
>   ssh/disable_cr_auth: false
> * ssh/privsep_tell:
>   ssh/ssh2_keys_merged:
> * ssh/protocol2_only: true
>   ssh/encrypted_host_key_but_no_keygen:
> * ssh/run_sshd: true
>

--
============================================================================
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
 Internet-Mail:  Christoph.Martin@Uni-Mainz.DE
  Telefon: +49-6131-3926337
      Fax: +49-6131-3922856
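
Added example, not part of the original messages and not libwrap's code: a small Python model of the outcome each hosts.allow line tried in the report is expected to give for the client as sshd logged it (::ffff:192.167.206.156), using the hosts_access(5) rule that a pattern ending in "." matches on the address's leading numeric fields. Unwrapping the IPv4-mapped form before comparing is an assumption of this sketch, not a statement about what either libwrap version does; all function names are hypothetical.

```python
import ipaddress


def normalize_peer(addr):
    """Return dotted-quad form for an IPv4-mapped IPv6 peer, else the address as-is."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)  # only IPv6Address has this attribute
    return str(mapped) if mapped is not None else str(ip)


def client_matches(pattern, addr):
    """Match one client pattern: ALL, a trailing-dot prefix, or an exact address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        # hosts_access(5): matched if the address's first numeric fields
        # equal the pattern; the trailing dot pins the field boundary.
        return addr.startswith(pattern)
    return addr == pattern


def allowed(rules, daemon, peer):
    """True if any 'daemons : clients' rule admits this daemon/peer pair."""
    addr = normalize_peer(peer)  # assumption: compare on the unwrapped IPv4 form
    for line in rules:
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if ":" not in line:
            continue
        daemons, clients = (part.strip() for part in line.split(":")[:2])
        names = daemons.replace(",", " ").split()
        if daemon not in names and "ALL" not in names:
            continue
        if any(client_matches(p, addr) for p in clients.replace(",", " ").split()):
            return True
    return False


# Peer address as it appears in the sshd debug output quoted above.
CLIENT = "::ffff:192.167.206.156"

if __name__ == "__main__":
    for rule in ("sshd : ALL", "sshd : 192.167.206.156", "sshd : 192.167.206."):
        print(f"{rule!r:28} -> {allowed([rule], 'sshd', CLIENT)}")
```

The sketch covers only the three pattern forms used in the report; netmasks, hostnames, EXCEPT clauses and bracketed IPv6 patterns are out of scope.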
