
Re: How to stop SSH doing reverse lookup?



Stephen R Laniel <steve@laniels.org> writes:

> On Sat, Apr 02, 2005 at 10:26:19AM -0800, Chuk Goodin wrote:
>> putting SSH: <ComputerX hostname> in hosts.allow
>> putting ALL: <ComputerX hostname> in hosts.allow
>
> Correct me if I'm wrong,

Okay, you asked for it. ;)

> but I'm pretty sure the hosts.* files only apply to those daemons
> running under inetd -- and I don't believe sshd is one of those.

hosts.allow and hosts.deny are evaluated by libwrap, a library programs
can use to manage host-based access control. "ldd /usr/sbin/sshd"
reveals that sshd is indeed linked with libwrap, at least the version in
Debian unstable.

Most inetd services don't do access control on their own, but they can
be invoked through the tcpd wrapper program, which is a part of libwrap.
tcpd then uses libwrap to determine if the access is allowed, and if so,
runs the real service.

Martin
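
The two paths described in the message above (a daemon linked with libwrap, or an inetd service launched through tcpd) can be checked per daemon. The following is an added example, not part of the original message; the function names are hypothetical, the sample data is constructed, and it assumes the classic inetd.conf layout at /etc/inetd.conf where the sixth field is the server path.

```shell
#!/bin/sh
# Added example: does hosts.allow/hosts.deny reach a daemon, and by which path?
# Function names are hypothetical; sample data below is constructed.

# Constructed sample of `ldd` output for a binary linked with libwrap.
SAMPLE_LDD_WRAPPED='    libwrap.so.0 => /lib/libwrap.so.0 (0xb7f5a000)
    libc.so.6 => /lib/libc.so.6 (0xb7e20000)'
# Constructed sample of `ldd` output for a binary without libwrap.
SAMPLE_LDD_PLAIN='    libc.so.6 => /lib/libc.so.6 (0xb7e20000)'
# Constructed inetd.conf: telnet goes through tcpd, ftp does not.
SAMPLE_INETD='# service type proto flags user server args
telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd'

# Read ldd output on stdin; succeed if libwrap is among the dependencies.
links_libwrap() {
    grep -Eq '(^|[[:space:]/])libwrap\.so(\.[0-9]+)*([[:space:]]|$)'
}

# Read inetd.conf on stdin; succeed if service $1 is launched via tcpd.
# Assumes the classic layout where field 6 is the server path.
wrapped_by_tcpd() {
    awk -v svc="$1" '
        $1 ~ /^#/ { next }
        $1 == svc && $6 ~ /(^|\/)tcpd$/ { found = 1 }
        END { exit !found }'
}

# classify BINARY [SERVICE]: print libwrap, tcpd or none.
classify() {
    bin=$1; svc=${2:-}
    if [ -x "$bin" ] && ldd "$bin" 2>/dev/null | links_libwrap; then
        echo libwrap   # the daemon evaluates hosts.* itself
    elif [ -n "$svc" ] && [ -r /etc/inetd.conf ] &&
         wrapped_by_tcpd "$svc" < /etc/inetd.conf; then
        echo tcpd      # tcpd evaluates hosts.* before running the service
    else
        echo none      # neither path was found for this daemon
    fi
}

# Example: sh this_script /usr/sbin/sshd
if [ "$#" -gt 0 ]; then classify "$@"; fi
```

A result of "none" for a network daemon means any hosts.allow or hosts.deny entry written for it should be verified by other means before being relied on.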


