[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to stop SSH doing reverse lookup?

Stephen R Laniel <steve@laniels.org> writes:

> On Sat, Apr 02, 2005 at 10:26:19AM -0800, Chuk Goodin wrote:
>> putting SSH: <ComputerX hostname> in hosts.allow
>> putting ALL: <ComputerX hostname> in hosts.allow
> Correct me if I'm wrong,

Okay, you asked for it. ;)

> but I'm pretty sure the hosts.* files only apply to those daemons
> running under inetd -- and I don't believe sshd is one of those.

hosts.allow and hosts.deny are evaluated by libwrap, a library programs
can use to manage host based access control. "ldd /usr/sbin/sshd"
reveals that sshd is indeed linked with libwrap, at least the version in
Debian unstable.

Most inetd services don't do access control on their own, but they can
be invoked through the tcpd wrapper program, which is a part of libwrap.
tcpd then uses libwrap to determine if the access is allowed, and if so,
runs the real service.


Reply to: