Re: ssh_exchange_identification: Connection closed by remote host PART II
* Gary Turner (kk5st@swbell.net) spake thusly:
> On Sun, 24 Mar 2002 08:46:00 +0100, Sven Hoexter wrote:
>
> >On Sat, Mar 23, 2002 at 01:09:37PM -0800, Jaye Inabnit ke6sls wrote:
>
> >> My question now is this: do I need to make these hosts_allow entries into
> >> each of my linux computers? I still find it very odd that all the other
> >> computers were able to connect to my firewall/router as it was, and only my
> >> Woody box was banned from connecting.
> >IIRC it helps fixing your DNS problem. The real problem is that in
> >/etc/hosts.deny is ALL:PARANOID set. This entry blocks all hosts that
> >have an invalid or no PTR record.
>
> My understanding has been that /etc/hosts.deny ALL:PARANOID is a good
> thing (tm), in that visitors not invited in, are kicked out. Which is
> your objection in this case. /etc/hosts.allow is tested first and if a
> match is found, then hosts.deny is never tested. Thus, you can "allow"
> your whole LAN by:
>
> ALL : 192.168.0. # <--note the trailing "."
>
> or a piece of it:
>
> ALL : 192.168.0. EXCEPT 192.168.0.46 # or
> ALL : .foo.bar EXCEPT honker.foo.bar # note leading "."
>
> Won't these general allows eliminate the need to edit each host for each
> addition/subtraction on your net? If ALL : PARANOID is not used in
> hosts.deny, then any host not specifically denied, is allowed. That
> seems to me to be a bad thing (tm). In the above example, everybody in
> the world except honker is let in.
It'll work *if* *reverse* *DNS* is working on 192.168.0.0. Otherwise
either tcp wrappers or ssh itself (dep. on sshd config options) will
refuse connections.
Didn't you read Sven's reply? It says "DNS problem" right there.
Dima
--
Backwards compatibility is either a pun or an oxymoron. -- PGN
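
Added example, not part of the original messages and not tcp_wrappers code: a simplified model of the hosts.allow / hosts.deny evaluation order discussed in this thread, showing that name patterns such as .foo.bar are matched against the looked-up host name while address patterns such as 192.168.0. are matched against the client address. It assumes tcpd is not built with -DPARANOID; the host names other than honker.foo.bar and all DNS records are constructed.

```python
# Simplified model of hosts_access(5) rule evaluation (added example).
# Assumption: tcpd is not built with -DPARANOID, so PARANOID is only a rule wildcard.
HOSTS_ALLOW = ["ALL : .foo.bar EXCEPT honker.foo.bar"]   # pattern quoted in the thread
HOSTS_DENY = ["ALL : PARANOID"]
# Constructed DNS data (hypothetical hosts): PTR records and forward A records.
PTR = {"192.168.0.5": "good.foo.bar", "192.168.0.7": "stale.foo.bar",
       "192.168.0.46": "honker.foo.bar"}
FORWARD = {"good.foo.bar": ["192.168.0.5"], "stale.foo.bar": ["192.168.0.99"],
           "honker.foo.bar": ["192.168.0.46"]}

def client_name(addr):
    """Name used for matching: 'paranoid' if the PTR name does not resolve back."""
    name = PTR.get(addr)
    if name is None:
        return "unknown"                      # no PTR record at all
    return name if addr in FORWARD.get(name, []) else "paranoid"

def pattern_matches(pat, addr, name):
    if pat == "ALL":
        return True
    if pat == "PARANOID":
        return name == "paranoid"
    if pat.endswith("."):                     # address prefix: 192.168.0.
        return addr.startswith(pat)
    if pat.startswith("."):                   # domain suffix: .foo.bar
        return name.endswith(pat)
    return pat in (addr, name)

def list_matches(tokens, addr, name):
    if "EXCEPT" in tokens:                    # "a EXCEPT b": a and not b
        i = tokens.index("EXCEPT")
        return (list_matches(tokens[:i], addr, name)
                and not list_matches(tokens[i + 1:], addr, name))
    return any(pattern_matches(p, addr, name) for p in tokens)

def table_matches(rules, daemon, addr, name):
    for rule in rules:
        daemons, _, clients = rule.split("#")[0].partition(":")
        if (list_matches(daemons.split(), daemon, daemon)
                and list_matches(clients.split(), addr, name)):
            return True
    return False

def check(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    name = client_name(addr)
    if table_matches(allow, daemon, addr, name):
        return "allow"                        # hosts.allow matched; hosts.deny is not read
    if table_matches(deny, daemon, addr, name):
        return "deny"
    return "allow"                            # no match in either file
```
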