sshd and tcpwrappers

Jeremy Utley jeremy at linuxfromscratch.org
Tue Feb 3 23:50:16 PST 2004


On Tue, 2004-02-03 at 23:16, P.R. wrote:
> Hi
> 
> I want to know if sshd uses the tcpwrappers (hosts.allow etc)
> functionality by default = when following the book.
> 
> There is a switch in the configure-script:  --with-tcp-wrappers.
> I think it wouldnt be there if not needed, so I don't think sshd will
> NOT utilize tcpd, unless I recompile it again.
> 
> Is this right or wrong?
> 
> I found this message from last July
> 
> http://archives.linuxfromscratch.org/mail-archives/blfs-support/2003-July/031854.html
> 
> and I think even more I have to recompile and reinstall sshd again :-/
> 
> I also think it should be at least mentioned with one short one sentence
> in the book, because this is a basic feature.
> 
> Greetings
> Peter

Personally, using tcp-wrappers with sshd is a BadThing (TM).  TCP
wrappers works by wrapping the binary by the tcpd program in inetd - and
sshd shouldn't EVER be run via inetd - I forget the details, but
something about excessive key generation or something to that effect -
you can definately find more information on the web about it.

Or, I suppose I could be completely misunderstanding how tcp-wrappers
works, and might be way off base.

-J-




More information about the blfs-support mailing list