| View previous topic :: View next topic |
| Author |
Message |
mun1ek
n00b
Joined: 08 Nov 2006
Posts: 43
Location: Poland, Katowice
|
 Posted: Thu May 08, 2008 10:22 am Post subject: [SOLVED] /etc/hosts.allow doesn't work ? |
 |
|
my /etc/hosts.deny
my /etc/hosts.allow
| Code: | | ALL: 79.185.xxx.xxx |
when i try connect by ssh from 79.185.xxx.xxx host, i get:
| Code: | | ssh_exchange_identification: Connection closed by remote host |
in log i get:
| Code: | | gentoo sshd[10850]: refused connect from 0.0.0.0 |
the same problem is when i use for example 127.0.0.1 instead of 79.185.xxx.xxx
only with: ALL: ALL in hosts.allow, i can connect.
What's the problem ?
Problem SOLVED!
I have updated openssh from to 4.7_p1-r2 to 5.0_p1-r1 version, and now hosts.allow and hosts.deny works!!! |
|
| Back to top |
|
 |
octanez
Tux's lil' helper
Joined: 17 Apr 2004
Posts: 149
Location: Woods Hole, MA, USA, Earth
|
| Posted: Thu May 08, 2008 1:04 pm Post subject: |
|
|
Did you add tcp-wrappers to ssh? If I remember they are required for SSHD to use /etc/hosts.*.
_________________
Adopt an orphan |
|
| Back to top |
|
|
mun1ek
n00b
Joined: 08 Nov 2006
Posts: 43
Location: Poland, Katowice
|
| Posted: Fri May 09, 2008 4:28 am Post subject: |
|
|
| What You mean "add" ? tcp-wrappers was installed. |
|
| Back to top |
|
|
octanez
Tux's lil' helper
Joined: 17 Apr 2004
Posts: 149
Location: Woods Hole, MA, USA, Earth
|
| Posted: Fri May 09, 2008 8:53 am Post subject: |
|
|
| mun1ek wrote: | | What You mean "add" ? tcp-wrappers was installed. |
Just trying to identify what changed, and gave you the result that you wanted, to help future people who come across this post.
_________________
Adopt an orphan |
|
| Back to top |
|
|
ricochen27
n00b
Joined: 10 May 2008
Posts: 1
|
| Posted: Sat May 10, 2008 4:24 pm Post subject: |
|
|
I can confirm that I had problem with openssh version 4.7_p1-r2 as well. I have the following configurations
/etc/hosts.deny
sshd: 192.168.1.25
/etc/portage/packages.use
net-misc/openssh tcpd
and I run openssh (4.7_p1-r2) at host 192.168.1.254 whose hostname is server.mydomain.net (I have name server bind running on this host). My openssh is compiled with tcpd option on. The problem I had is if I try to ssh (from host 192.168.1.25) to the server by its ip, that is
#I run ssh on custom port 9922
ssh -p 9922 js@192.168.1.254
I found that most of the time I didn''t get "connection refused" message, instead I am still able to log in even I have explicitly ban that IP. BTW I have nothing in my /etc/hosts.allow
And if I did get "connection refused" message, I noticed that I could easily bypass it by using the server's hostname, that is,
If I do
ssh -p 9922 js@server.mydomain.net
IP 192.168.1.25 didn't get banned based on the server's /etc/hosts.deny file.
After I saw mun1ek's post, I upgraded my openssh to the newest version (5.0_p1_r1):
emerge --sync
echo "net-misc/openssh" >> /etc/portage/package.keywords
emerge openssh
/etc/init.d/sshd restart
and problem got solved. |
|
| Back to top |
|
|
|
Networking & Security
