[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh: "connection refused by tcp wrapper"

On Sat, Apr 19, 2003 at 01:09:52PM -0400, Kevin McKinley wrote:
> On Sat, 19 Apr 2003 12:41:56 -0400
> Soren Andersen <somian@adelphia.net> wrote:
> > The thing that probably derailed my own analysis is that I probably
> > vaguely thought I recalled that sshd provides its own security /
> > authentication so is not generally run under inetd, so I THOUGHT it
> > wouldn't have anything to do with the hosts.{allow,deny} files. Clearly
> > there's something I don't understand yet about all that.
> If sshd is run as a daemon it doesn't look at hosts.{allow,deny}. If you run
> it as an inetd service, it does.

Yes, I know. And it is not usually considered feasible to run sshd from
inetd because it takes too long for sshd to generate a session key each
time it is fired up by inetd, which would cause a timeout on inetd and
fail. So it isn't set up that way on any Debian system by default, and I
haven't changed that. Thus in fact there's something weird going on
here, that doesn't comply with known operating theory of the sshd
package. I *shouldn't* be able to alter the way my sshd runs (accepts or
completes connections from remote clients) by altering a
/etc/hosts.{allow,deny} file, YET empirically we have just discovered
that I *can*, and must, in my case.

It would be gratifying to get an explanation if possible from the
package maintainer, perhaps, for ssh on Debian, so I am going to CC:
this message to Matthew Vernon (matthew >>AT<< debian **DOT** org).
Version of the ssh pakcage I am using:  3.4p1-1

Find my GnuPG public key on better keyservers everywhere ;-)
GnuPG public key fingerprint:  BD26 A5D8 D781 C96B 9936  310F 0573 A3D9 4E24 4EA6

Reply to: