Re: Real problem with sshd - hosts.deny

To: Debian User <debian-user@lists.debian.org>
Subject: Re: Real problem with sshd - hosts.deny
From: Philipp Schulte <p.schulte@matrix.uni-duisburg.de>
Date: Mon, 30 Oct 2000 23:24:31 +0100
Message-id: <20001030232431.B31682@nepomuk.matrix.uni-duisburg.de>
Mail-followup-to: Debian User <debian-user@lists.debian.org>
In-reply-to: <20001030131956.A17244@sooma.com>; from gila@gila.org on Mon, Oct 30, 2000 at 01:19:56PM -0800
References: <20001030131956.A17244@sooma.com>

On Mon, Oct 30, 2000 at 01:19:56PM -0800, Aaron Brashears wrote: 

> I reconfigured sshd to have verbose logging, and tried to connect. The
> log comes back with the folowing error:
> 
> Oct 30 13:09:30 garrison sshd[17223]: warning: /etc/hosts.deny, line 15: can't verify hostname: gethostbyname(ATHM-216-216-xxx-203.home.net) failed
> Oct 30 13:09:30 garrison sshd[17223]: refused connect from 216.216.10.203
> 
> So, it seems that between this morning and this afternoon, my server
> can no longer verify my host. I have two qeutions.
> 
> 1. How could this have happened? Something with home.net?

Well, was your connection killed while an ssh-session was running?

> 2. How can I securely fix hosts.deny so that it doesn't deny me?

>From my /etc/hosts.deny:

ALL EXCEPT sshd: ALL

I don't consider this a security problem because my users have good
passwords and logcheck complains about every failed login.
Phil

Reply to:

References:
- Real problem with sshd - hosts.deny
  - From: Aaron Brashears <gila@gila.org>

Prev by Date: Re: ssh is refusing connections
Next by Date: Re: Sendmail + Authenticated SMTP?
Previous by thread: Real problem with sshd - hosts.deny
Next by thread: Re: Real problem with sshd - hosts.deny
Index(es):
- Date
- Thread