Bug#395535: claim that ssh doesn't do tcpdwrap (Re: Bug#395535: Syntax)

To: Rob Munsch <rmunsch@solutionsforprogress.com>, 395535@bugs.debian.org
Subject: Bug#395535: claim that ssh doesn't do tcpdwrap (Re: Bug#395535: Syntax)
From: Justin Pryzby <justinpryzby@users.sourceforge.net>
Date: Wed, 1 Nov 2006 17:11:22 -0500
Message-id: <[🔎] 20061101221122.GB9612@webmin.steelfarms.net>
Reply-to: Justin Pryzby <justinpryzby@users.sourceforge.net>, 395535@bugs.debian.org
In-reply-to: <454918F0.5010307@solutionsforprogress.com>
References: <[🔎] 454906DA.9060309@solutionsforprogress.com> <[🔎] 20061101215556.GA9612@webmin.steelfarms.net> <454918F0.5010307@solutionsforprogress.com>

On Wed, Nov 01, 2006 at 05:00:16PM -0500, Rob Munsch wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Justin Pryzby wrote:
> 
> > You do realize that /etc/hosts.allow is checked before hosts.deny?
> 
> yes, that's why i added my office's IP to hosts.allow before setting up
> denyhosts; otherwise nasty, nasty things would happen the first time
> someone screwed up their password 5 times :D
> 
> that shouldn't allow localhost to ssh when there's a
> sshd: 127.0.0.1
> in hosts.deny, however.
If localhost is in hosts.allow, then tcpd will never deny it access, even if it
is in hosts.deny.

If removal of hosts.allow causes access to be denied (don't do this remotely),
then stuff is working as it should.

Justin

Reply to:

References:
- Bug#395535: Syntax
  - From: Rob Munsch <rmunsch@solutionsforprogress.com>
- Bug#395535: claim that ssh doesn't do tcpdwrap (Re: Bug#395535: Syntax)
  - From: Justin Pryzby <justinpryzby@users.sourceforge.net>

Prev by Date: Bug#395535: Calling this off
Next by Date: Bug#395535: claim that ssh doesn't do tcpdwrap (Re: Bug#395535: Syntax)
Previous by thread: Bug#395535: claim that ssh doesn't do tcpdwrap (Re: Bug#395535: Syntax)
Next by thread: Bug#395535:
Index(es):
- Date
- Thread