Re: ssh with tcp_wrappers!! contd/-




Hi All,

Thanks a lot for such a huge response. Of course it was a typing mistake; I was using DenyHost, not DenyGhost. As suggested by David and others, I did this:
1) Login, as root, to my Linux system containing the sshd server.
2) Edited the file, /etc/hosts.deny
3) Added the following:
$ sshd: 127.0.0.1
4) Attempt to connect to the local sshd server:
$ ssh localhost
It connected. Also, ldd /usr/sbin/sshd did not list libwrap.so; hence it's confirmed that my ssh is a simple rpm shootout.


Now, what next? I am not willing to compile the openssh package; is there any way out via rpm installation? It's a RHEL 3 box.


Thanks
D e b u

On Sat, 24 Feb 2007 David Bear wrote :
On Fri, Feb 23, 2007 at 07:08:53PM +0000, John O'Loughlin wrote:


Well, i was trying to configure DenyGhost

There is DenyUsers and DenyGroups that is part of sshd_config.

If you want to deny hosts using tcp wrappers, go into /etc/hosts.allow and
add

sshd: 127.0.0.1

Then save it.

Then try to ssh to localhost. That will tell you definitively whether
your sshd is compiled with tcp wrappers. I'd be very surprised if it
were not. Both Suse and RHEL that I use have sshd compiled with
wrappers.

BTW, I don't know if you really mean DenyGhost instead of DenyHost. I
lost track of this thread a while back. If it's already been said,
apologies for duplication.


If there's somethin' weird And it don't look good Who ya gonna call?...

John




Any suggestion?


On Fri, 23 Feb 2007 Bliss,Aaron wrote :
Debu,
Iptables might be an alternative for you if you don't want to compile
ssh; it should be able to do most if not all things tcp wrappers can
do...

Aaron

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of debu
Sent: Friday, February 23, 2007 12:49 PM
To: John O'Loughlin
Cc: General Red Hat Linux discussion list
Subject: Re: Re: ssh with tcp_wrappers!! contd/-


Thanks a lot, John, for the quick response :)

Yeah, got it; it's not there.

Now how do I go about that? It's a running server. I don't want to compile
ssh again!!


--d e b u

On Fri, 23 Feb 2007 John O'Loughlin wrote :

ldd /usr/sbin/sshd

look for libwrap.so

John

On Fri, 23 Feb 2007, debu wrote:


Dear all,

How can I make sure that my ssh is compiled with tcp_wrappers?

Contd/-

--debu
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list



--
David Bear
phone: 602-496-0424
fax: 602-496-0955
College of Public Programs/ASU
University Center Rm 622
411 N Central
Phoenix, AZ 85007-0685
"Beware the IP portfolio, everyone will be suspect of trespassing"
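
As an added example (not part of the original thread): a shell audit that combines the two checks discussed above, the `ldd` lookup for `libwrap.so` and the presence of an `sshd` rule in the hosts files, to flag the situation debu found, where a rule exists but sshd is not linked against libwrap and so never reads it. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): are tcp_wrappers rules for a daemon enforced?

# Succeeds if the `ldd` output on stdin lists libwrap as a dependency.
links_libwrap() {
    grep -q 'libwrap\.so'
}

# Succeeds if the hosts.allow/hosts.deny text on stdin has a rule whose
# daemon list (the field before the first colon) names $1 or ALL.
# Simplification: continuation lines and daemon@host forms are not handled.
has_wrapper_rule() {
    sed 's/#.*//' | awk -F: -v d="$1" '
        NF >= 2 {
            n = split($1, names, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (names[i] == d || names[i] == "ALL") found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# audit_wrappers DAEMON LDD_OUTPUT RULES_TEXT
# Prints: enforced | rules-ignored | no-wrappers
audit_wrappers() {
    daemon=$1; ldd_out=$2; rules=$3
    if printf '%s\n' "$ldd_out" | links_libwrap; then
        echo "enforced"        # binary links libwrap, so the hosts files are consulted
    elif printf '%s\n' "$rules" | has_wrapper_rule "$daemon"; then
        echo "rules-ignored"   # rule present, but the binary never reads it
    else
        echo "no-wrappers"
    fi
}

# Constructed sample inputs (library names and addresses are illustrative).
SAMPLE_LDD_NO_WRAP='	libcrypto.so.4 => /lib/libcrypto.so.4 (0x00a1b000)
	libc.so.6 => /lib/tls/libc.so.6 (0x00b2c000)'
SAMPLE_LDD_WRAP="$SAMPLE_LDD_NO_WRAP
	libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00c3d000)"
SAMPLE_RULES='sshd: 127.0.0.1'   # the hosts.deny entry used in the thread

audit_wrappers sshd "$SAMPLE_LDD_NO_WRAP" "$SAMPLE_RULES"
# On a live host:
# audit_wrappers sshd "$(ldd /usr/sbin/sshd)" "$(cat /etc/hosts.allow /etc/hosts.deny)"
```

`ldd` only reports dynamic linkage, so a statically linked libwrap would not appear; the hosts.deny connection test debu ran covers that case.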
