sshd and tcpwrappers
jeremy at linuxfromscratch.org
Wed Feb 4 00:38:33 PST 2004
On Wed, 2004-02-04 at 00:21, P.R. wrote:
> * Personally, using tcp-wrappers with sshd is a BadThing (TM). TCP
> * wrappers works by wrapping the binary by the tcpd program in inetd - and
> * sshd shouldn't EVER be run via inetd - I forget the details, but
> * something about excessive key generation or something to that effect -
> * you can definitely find more information on the web about it.
> It's in the link I posted, too:
> * Or, I suppose I could be completely misunderstanding how tcp-wrappers
> * works, and might be way off base.
> I now begin to understand tcpwrappers a little better:
> I think you are basically right, but in this case wrong ;-)
> Usually tcpd handles only services started by inetd/xinetd. It doesn't
> handle portmapper and standalone services.
> BUT I found this resource:
> sshd is an exception as it uses libwrap directly -> I think it doesn't
> use tcpd, but only the library to read hosts.allow and hosts.deny
> That means to me I will have to recompile openssh.
> Wish me luck ;)
> Oh and I think this really should be included in the book.
If you compiled tcp-wrappers before you compiled openssh, it might have
detected it and enabled it already - try doing an ldd on the sshd binary,
and see if it is linked to libwrap.
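
The check suggested in the reply above, as an added example that is not part of the original post: a shell script that looks for libwrap among a binary's shared-library dependencies. The function names, the preference for `readelf` over `ldd`, and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: is a binary dynamically linked against libwrap?

# Read a dependency listing on stdin (`ldd` or `readelf -d` output) and
# succeed if libwrap is listed as a shared-library dependency.
needs_libwrap() {
    # ldd:     "libwrap.so.0 => /lib/libwrap.so.0 (0x...)"
    # readelf: "(NEEDED)  Shared library: [libwrap.so.0]"
    grep -Eq '(^|[[:space:]]|\[)libwrap\.so(\.[0-9]+)*([[:space:]]|\]|$)'
}

# Check one binary. readelf only parses the ELF dynamic section; ldd is the
# fallback. A statically linked libwrap shows up in neither listing.
check_libwrap() {
    bin=$1
    [ -r "$bin" ] || { echo "cannot read $bin" >&2; return 2; }
    if command -v readelf >/dev/null 2>&1; then
        deps=$(readelf -d "$bin" 2>/dev/null)
    else
        deps=$(ldd "$bin" 2>/dev/null)
    fi
    if printf '%s\n' "$deps" | needs_libwrap; then
        echo "$bin: linked to libwrap"
        return 0
    fi
    echo "$bin: no libwrap dependency found"
    return 1
}

# Constructed ldd output for an sshd built with tcp-wrappers support.
sample_linked() {
    cat <<'EOF'
    libwrap.so.0 => /lib/libwrap.so.0 (0x40023000)
    libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x4002c000)
    libc.so.6 => /lib/libc.so.6 (0x40130000)
EOF
}

# Constructed ldd output for an sshd built without it.
sample_unlinked() {
    cat <<'EOF'
    libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x4002c000)
    libc.so.6 => /lib/libc.so.6 (0x40130000)
EOF
}

# Usage: sh check_libwrap.sh /usr/sbin/sshd
if [ "$#" -gt 0 ]; then check_libwrap "$1"; fi
```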