Re: hosts.allow/hosts.deny question (2)
Well, now I know why ALL: ALL in hosts.deny stopped things.
It turns out that hosts.allow does not allow "ALL: my.ip.address" but is
happy with "ALL: 203.x.y.z" or even "ALL: 203.x.y." There is a note about
this regarding the portmapper but I had not realised that the portmapper
is involved.
The working entries are:-
hosts.allow
sshd: 203.x.y.z
hosts.deny
ALL: ALL
Thanks to you both.
Lindsay
On Mon, 7 Aug 2000, Noah L. Meyerhans wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> These are by no means irrelevant to sshd, even if it is not run from
> inetd. Read the man page for sshd, in which you'll see that it can be
> build with direct support for tcp_wrappers. If it is (I don't know what
> the configure options in the Debian build are, but I suspect it is), then
> 'sshd: ALL' or whatever should work in /etc/hosts.allow and .deny.
>
> OTOH, Lindsay should also check for AllowHosts or DenyHosts in
> /etc/ssh/sshd_config...man sshd for more info.
>
> HTH,
> noah
>
> On Mon, 7 Aug 2000, Eric G . Miller wrote:
>
> > On Mon, Aug 07, 2000 at 09:48:13PM +0800, Lindsay Allen wrote:
> > >
> > > Hello world,
> > >
> > > I have a hosts_access problem.
> > >
> > > hosts.deny has the line
> > > ALL:ALL
> > >
> > > This stops me logging in with ssh. The problem is that if I put a line in
> > > hosts.allow like
> > > sshd: my.ip.address
> > > the rule does not match because sshd does not feature in inetd.conf.
> > >
> > > What have I missed?
> >
> > The fact that these files are irrelevant to sshd unless it's run from
> > inetd. Possibly a firewall, or simply a misconfigured sshd is the real
> > culprit.
> >
> > --
> > MegaHAL quote:
> > I think a blowpipe is a marijuana cigarrette.
> > It'll get you deleted!
> >
> >
> > --
> > Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> >
> >
>
>
> _______________________________________________________
> | Web: http://web.morgul.net/~frodo/
> | PGP Public Key: http://web.morgul.net/~frodo/mail.html
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 5.0i for non-commercial use
> Charset: noconv
>
> iQCVAwUBOY6+/IdCcpBjGWoFAQE6igP9FWdo+vXZdVhQUMmUiV9h74/3vgjXGhF1
> wjNfAU4I2cfG0N5az1nB+vqH8c0ERok67JpP1LzSkOSZTkBt1qZssRk/4+5UiPko
> pJ0Ppfv2akgtnWmHdK6U15BqgK++gRSwJWSb1156puKkqWCHY9VDPk01CaHpnGH0
> hSg+jkoUIG0=
> =P2c/
> -----END PGP SIGNATURE-----
>
>
>
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Lindsay Allen <allen@cleo.murdoch.edu.au> Perth, Western Australia
voice +61 8 9316 2486, 0403 272 564 32.0125S 115.8445E Debian Linux
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Reply to: