sshd and tcpwrappers
gropie-rubble at gmx.de
Wed Feb 4 00:21:39 PST 2004
* Personally, using tcp-wrappers with sshd is a BadThing (TM). TCP
* wrappers works by wrapping the binary by the tcpd program in inetd - and
* sshd shouldn't EVER be run via inetd - I forget the details, but
* something about excessive key generation or something to that effect -
* you can definitely find more information on the web about it.
It's in the link I posted, too:
* Or, I suppose I could be completely misunderstanding how tcp-wrappers
* works, and might be way off base.
I now begin to understand tcpwrappers a little better:
I think you are basically right, but in this case wrong ;-)
Usually tcpd handles only services started by inetd/xinetd. It doesn't
handle portmapper and standalone services.
BUT I found this resource:
sshd is an exception as it uses libwrap directly -> I think it doesn't
use tcpd, but only the library to read hosts.allow and hosts.deny
That means to me I will have to recompile openssh.
Wish me luck ;)
Oh and I think this really should be included in the book.
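
Added example, not part of the original post and not libwrap's own code: a simplified Python model of the decision a libwrap-linked standalone sshd makes from hosts.allow and hosts.deny (allow checked first, then deny, otherwise grant). The rule contents, addresses and function names are constructed for illustration; only IPv4, `ALL`, `.domain` and `net.` prefix patterns are modelled, and option fields are ignored.

```python
# Simplified model of the hosts_access(5) decision order used via libwrap.
# Constructed sample rule files (assumption, not taken from the post).
HOSTS_ALLOW = """\
# /etc/hosts.allow (constructed sample)
sshd: 192.168.1. .example.org
"""
HOSTS_DENY = """\
# /etc/hosts.deny (constructed sample)
sshd: ALL
"""

def parse_rules(text):
    """Return [(daemon_list, client_list)] from 'daemons : clients' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # any option field is ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, name):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # domain suffix, needs a resolved name
        return name is not None and name.lower().endswith(pattern.lower())
    if pattern.endswith("."):     # leading numeric fields of the address
        return addr.startswith(pattern)
    return pattern in (addr, name)

def rule_hit(rules, daemon, addr, name):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, addr, name) for p in clients)
               for daemons, clients in rules)

def access_granted(daemon, addr, name=None,
                   allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """A match in hosts.allow grants, else a match in hosts.deny refuses,
    else access is granted by default."""
    if rule_hit(parse_rules(allow), daemon, addr, name):
        return True
    if rule_hit(parse_rules(deny), daemon, addr, name):
        return False
    return True

if __name__ == "__main__":
    for addr, name in [("192.168.1.20", None), ("10.0.0.5", None),
                       ("10.0.0.5", "host.example.org")]:
        print(addr, name, access_granted("sshd", addr, name))
```

The last branch matters in practice: a daemon with no matching line in either file is allowed, so a deny rule written for `sshd` has no effect on an sshd binary that was built without libwrap support.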