Re: hosts.allow/hosts.deny question (2)

To: debian-user@lists.debian.org
Subject: Re: hosts.allow/hosts.deny question (2)
From: Lindsay Allen <allen@cleo.murdoch.edu.au>
Date: Tue, 8 Aug 2000 09:11:45 +0800 (WST)
Message-id: <Pine.LNX.4.21.0008080900330.578-100000@elm.cbcfreo.wa.edu.au>
In-reply-to: <Pine.LNX.4.21.0008070949000.27194-100000@spider.noah>

Well, now I know why ALL: ALL in hosts.deny stopped things. 

It turns out that hosts.allow does not allow "ALL: my.ip.address" but is
happy with "ALL: 203.x.y.z" or even "ALL: 203.x.y."  There is a note about
this regarding the portmapper but I had not realised that the portmapper
is involved.

The working entries are:-
hosts.allow
   sshd: 203.x.y.z
hosts.deny
   ALL: ALL

Thanks to you both.

Lindsay


On Mon, 7 Aug 2000, Noah L. Meyerhans wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> These are by no means irrelevant to sshd, even if it is not run from
> inetd.  Read the man page for sshd, in which you'll see that it can be
> build with direct support for tcp_wrappers.  If it is (I don't know what
> the configure options in the Debian build are, but I suspect it is), then
> 'sshd: ALL' or whatever should work in /etc/hosts.allow and .deny.
> 
> OTOH, Lindsay should also check for AllowHosts or DenyHosts in
> /etc/ssh/sshd_config...man sshd for more info.
> 
> HTH,
> noah
> 
> On Mon, 7 Aug 2000, Eric G . Miller wrote:
> 
> > On Mon, Aug 07, 2000 at 09:48:13PM +0800, Lindsay Allen wrote:
> > > 
> > > Hello world,
> > > 
> > > I have a hosts_access problem.
> > > 
> > > hosts.deny has the line 
> > > ALL:ALL
> > > 
> > > This stops me logging in with ssh.  The problem is that if I put a line in
> > > hosts.allow like
> > >   sshd: my.ip.address
> > > the rule does not match because sshd does not feature in inetd.conf.
> > > 
> > > What have I missed?
> > 
> > The fact that these files are irrelevant to sshd unless it's run from
> > inetd.  Possibly a firewall, or simply a misconfigured sshd is the real
> > culprit.
> > 
> > -- 
> > MegaHAL quote:
> > 	I think a blowpipe is a marijuana cigarrette.  
> > 	It'll get you deleted!
> > 
> > 
> > -- 
> > Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> > 
> > 
> 
> 
>  _______________________________________________________
> | Web: http://web.morgul.net/~frodo/
> | PGP Public Key: http://web.morgul.net/~frodo/mail.html 
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 5.0i for non-commercial use
> Charset: noconv
> 
> iQCVAwUBOY6+/IdCcpBjGWoFAQE6igP9FWdo+vXZdVhQUMmUiV9h74/3vgjXGhF1
> wjNfAU4I2cfG0N5az1nB+vqH8c0ERok67JpP1LzSkOSZTkBt1qZssRk/4+5UiPko
> pJ0Ppfv2akgtnWmHdK6U15BqgK++gRSwJWSb1156puKkqWCHY9VDPk01CaHpnGH0
> hSg+jkoUIG0=
> =P2c/
> -----END PGP SIGNATURE-----
> 
> 
> 

-- 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Lindsay Allen   <allen@cleo.murdoch.edu.au>    Perth, Western Australia
voice +61 8 9316 2486, 0403 272 564   32.0125S 115.8445E   Debian Linux
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Reply to:

References:
- Re: hosts.allow/hosts.deny question (2)
  - From: "Noah L. Meyerhans" <frodo@morgul.net>

Prev by Date: Re: hosts.allow/hosts.deny question (2)
Next by Date: ghostscript
Previous by thread: Re: hosts.allow/hosts.deny question (2)
Next by thread: D Beckers ethernet drivers
Index(es):
- Date
- Thread