sshd and tcpwrappers

P.R. gropie-rubble at
Wed Feb 4 00:21:39 PST 2004


* Personally, using tcp-wrappers with sshd is a BadThing (TM).  TCP
* wrappers works by wrapping the binary by the tcpd program in inetd - and
* sshd shouldn't EVER be run via inetd - I forget the details, but
* something about excessive key generation or something to that effect -
* you can definitely find more information on the web about it.

It's in the link I posted, too:

* Or, I suppose I could be completely misunderstanding how tcp-wrappers
* works, and might be way off base.

I now begin to understand tcpwrappers a little better:
I think you are basically right, but in this case wrong ;-)

Usually tcpd handles only services started by inetd/xinetd. It doesn't
handle portmapper and standalone services.

BUT I found this resource:

sshd is an exception as it uses libwrap directly -> I think it doesn't
use tcpd, but only the library to read hosts.allow and hosts.deny

That means to me I will have to recompile openssh.
Wish me luck ;)

Oh and I think this really should be included in the book.
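
Added example, not part of the original post: a small Python model of the decision order hosts_access(5) documents for a libwrap-linked daemon (hosts.allow first, then hosts.deny, otherwise grant). It covers only a subset of the pattern syntax (ALL, domain suffix, address prefix, IPv4 net/mask); the file contents and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample files (assumption, not taken from the post).
HOSTS_ALLOW = """\
# allow ssh from the LAN and one domain
sshd : 192.168.1. .example.org
"""
HOSTS_DENY = """\
ALL : ALL
"""

def client_matches(pattern, ip, host):
    """Match one client pattern (subset of hosts_access(5), IPv4 only)."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):        # domain suffix: .example.org
        return bool(host) and host.endswith(pattern)
    if pattern.endswith("."):          # address prefix: 192.168.1.
        return ip.startswith(pattern)
    if "/" in pattern:                 # net/mask: 10.0.0.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (ip, host)       # exact address or host name

def file_matches(text, daemon, ip, host):
    """True if any 'daemon_list : client_list' line matches the request."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (part.strip() for part in line.split(":")[:2])
        daemon_ok = any(d in ("ALL", daemon) for d in re.split(r"[,\s]+", daemons))
        if daemon_ok and any(client_matches(p, ip, host)
                             for p in re.split(r"[,\s]+", clients)):
            return True
    return False

def check_access(daemon, ip, host=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Return (granted, deciding_source) in the documented search order."""
    if file_matches(allow, daemon, ip, host):
        return (True, "hosts.allow")
    if file_matches(deny, daemon, ip, host):
        return (False, "hosts.deny")
    return (True, "default")           # no rule matched anywhere: access is granted
```

With both files empty every client is granted, so a hosts.allow entry for sshd restricts nothing unless hosts.deny also carries a matching rule such as ALL : ALL. OpenSSH removed its libwrap support in release 6.7, so this applies to older builds or builds patched to keep it.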

