sshd and tcpwrappers

P.R. gropie-rubble at gmx.de
Wed Feb 4 00:21:39 PST 2004


Hi

* Personally, using tcp-wrappers with sshd is a BadThing (TM).  TCP
* wrappers works by wrapping the binary by the tcpd program in inetd - and
* sshd shouldn't EVER be run via inetd - I forget the details, but
* something about excessive key generation or something to that effect -
* you can definitely find more information on the web about it.

It's in the link I posted, too:
http://archives.linuxfromscratch.org/mail-archives/blfs-support/2003-July/031854.html


* Or, I suppose I could be completely misunderstanding how tcp-wrappers
* works, and might be way off base.

I now begin to understand tcpwrappers a little better:
I think you are basically right, but in this case wrong ;-)

Usually tcpd handles only services started by inetd/xinetd. It doesn't
handle portmapper and standalone services.

BUT I found this resource:

http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98336644426559&w=2

sshd is an exception as it uses libwrap directly -> I think it doesn't
use tcpd, but only the library to read hosts.allow and hosts.deny

That means to me I will have to recompile openssh.
Wish me luck ;)

Oh and I think this really should be included in the book.

Peter


