[SOLVED] /etc/hosts.allow doesn't work ?

mun1ek

my /etc/hosts.deny

octanez · Posted: Thu May 08, 2008 6:04 pm Post subject:

Did you add tcp-wrappers to ssh? If I remember they are required for SSHD to use /etc/hosts.*.
_________________
Adopt an orphan

mun1ek · Posted: Fri May 09, 2008 9:28 am Post subject:

What You mean "add" ? tcp-wrappers was installed.

octanez · Posted: Fri May 09, 2008 1:53 pm Post subject:

ricochen27 · n00b Joined: 10 May 2008 Posts: 1

I can confirm that I had problem with openssh version 4.7_p1-r2 as well. I have the following configurations

/etc/hosts.deny
sshd: 192.168.1.25

/etc/portage/packages.use
net-misc/openssh tcpd

and I run openssh (4.7_p1-r2) at host 192.168.1.254 whose hostname is server.mydomain.net (I have name server bind running on this host). My openssh is compiled with tcpd option on. The problem I had is if I try to ssh (from host 192.168.1.25) to the server by its ip, that is
#I run ssh on custom port 9922
ssh -p 9922 js@192.168.1.254
I found that most of the time I didn''t get "connection refused" message, instead I am still able to log in even I have explicitly ban that IP. BTW I have nothing in my /etc/hosts.allow

And if I did get "connection refused" message, I noticed that I could easily bypass it by using the server's hostname, that is,
If I do
ssh -p 9922 js@server.mydomain.net
IP 192.168.1.25 didn't get banned based on the server's /etc/hosts.deny file.

After I saw mun1ek's post, I upgraded my openssh to the newest version (5.0_p1_r1):
emerge --sync
echo "net-misc/openssh" >> /etc/portage/package.keywords
emerge openssh
/etc/init.d/sshd restart
and problem got solved.