sshd and tcpwrappers

Jeremy Utley jeremy at linuxfromscratch.org
Wed Feb 4 00:38:33 PST 2004


On Wed, 2004-02-04 at 00:21, P.R. wrote:
> Hi
> 
> * Personally, using tcp-wrappers with sshd is a BadThing (TM).  TCP
> * wrappers works by wrapping the binary by the tcpd program in inetd - and
> * sshd shouldn't EVER be run via inetd - I forget the details, but
> * something about excessive key generation or something to that effect -
> * you can definitely find more information on the web about it.
> 
> It's in the link I posted, too:
> http://archives.linuxfromscratch.org/mail-archives/blfs-support/2003-July/031854.html
> 
> 
> * Or, I suppose I could be completely misunderstanding how tcp-wrappers
> * works, and might be way off base.
> 
> I now begin to understand tcpwrappers a little better:
> I think you are basically right, but in this case wrong ;-)
> 
> Usually tcpd handles only services started by inetd/xinetd. It doesn't
> handle portmapper and standalone services.
> 
> BUT I found this resource:
> 
> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98336644426559&w=2
> 
> sshd is an exception as it uses libwrap directly -> I think it doesn't
> use tcpd, but only the library to read hosts.allow and hosts.deny
> 
> That means to me I will have to recompile openssh.
> Wish me luck ;)
> 
> Oh and I think this really should be included in the book.
> 
> Peter

If you compiled tcp-wrappers before you compiled openssh, it might have
detected it and enabled it already - try doing an ldd on the sshd binary,
and see if it is linked to libwrap.

-J-
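
The ldd check suggested above, written out as an added example (not part of the original message). The function names and the sample ldd output are constructed for illustration; the static case is included because ldd cannot show a libwrap that was linked in statically.

```shell
#!/bin/sh
# Added example: classify ldd output for libwrap linkage.
# libwrap_status reads ldd output on stdin and prints one of:
#   linked      - the binary loads libwrap.so (hosts.allow/hosts.deny apply)
#   not-linked  - dynamic binary with no libwrap dependency
#   static      - ldd cannot tell; libwrap may or may not be compiled in
libwrap_status() {
    out=$(cat)
    case "$out" in
        *"not a dynamic executable"*|*"statically linked"*)
            echo static
            return 0
            ;;
    esac
    if printf '%s\n' "$out" | grep -Eq '(^|[[:space:]/])libwrap\.so'; then
        echo linked
    else
        echo not-linked
    fi
}

# Run the check against a real binary, e.g. check_binary /usr/sbin/sshd
check_binary() {
    ldd "$1" 2>&1 | libwrap_status
}

# Constructed sample ldd output (addresses and versions are made up).
SAMPLE_WITH='	libwrap.so.0 => /usr/lib/libwrap.so.0 (0x40026000)
	libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x4002f000)
	libc.so.6 => /lib/libc.so.6 (0x40150000)'
SAMPLE_WITHOUT='	libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x4002f000)
	libc.so.6 => /lib/libc.so.6 (0x40150000)'
SAMPLE_STATIC='	not a dynamic executable'

# When a path is given on the command line, check that binary.
if [ $# -gt 0 ]; then
    check_binary "$1"
fi
```

A "not-linked" result on a dynamic sshd means entries for sshd in hosts.allow and hosts.deny have no effect on it.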



