I tried to implement a similar scheme in my hosts.allow on a FreeBSD 5.2.1
server. But when I try to test it from an IP outside my LAN, it still
allows ssh logins. I even put in a line in hosts.allow to explicitly deny
the IP I was ssh'ing from, but it still let me in. The behavior gives the
appearance that TCP wrappers are not enabled, and thus the /etc/hosts.allow
file is ignored.
Is there something I need to do to enable the wrappers in sshd? I saw that
there is a compile option for the portable source from openssh.org, so I
wonder if there is some compile option that needs to be enabled in make.conf?
I have gone through the documentation for sshd_config, sshd, make.conf,
etc. but am not finding anything to change.
-Derek
At 07:37 AM 9/19/2004, Terry wrote:>I had the same problem so i setup up hosts.allow to only allow access from
>certain ips i require
>This has the affect of killing the connection from any other ip befor
>gettign to any login prompt
>example below
>sshd : localhost : allow
>sshd : 192.168.2. : allow
>sshd : 82.41.115.213 :allow
>sshd : 216.123.248.219 : allow <-- public ip i wish to allow of course i
>have changed it
>sshd : all : deny
>
>This then shows in log instead of failed login attempts
>
>dot.blah.co.uk refused connections:
>Sep 17 22:11:55 dlt sshd[35669]: refused connect from
>usen-219x113x213x21.ap-US.usen.ad.jp (219.113.213.21)
>
>Regards Terry
>
>
>_______________________________________________
>freebsd-security@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to
"freebsd-security-unsubscribe@freebsd.org"