[OpenIndiana-discuss] Does OpenIndiana's sshd obey TCP wrappers?
Michal Nowak
mnowak at startmail.com
Fri Dec 28 15:24:03 UTC 2018
On 12/23/18 11:39 AM, Hubert Garavel wrote:
>
> By default, support for TCP wrappers was removed from OpenSSH, unless
> it is compiled with the proper option. This seems to be indeed the case
> for OI's sshd:
>
> # ldd /usr/lib/ssh/sshd
> libwrap.so.1 => /usr/lib/64/libwrap.so.1
>
> However, after setting "/etc/hosts.deny" to "ALL: ALL" and
> "/etc/hosts.allow" to a single line "sendmail: localhost",
> sshd still accepts incoming connections from other hosts,
> whereas such incoming SSH connections should be blocked by
> the TCP wrappers.
>
> Any idea?

Hello Hubert,

looking at the patch which restores tcp-wrapper support in OpenSSH
(upstream removed it in v6.7), it seems to me that tcp-wrapper is used
only when sshd was started via inetd. Did you try that? (As I don't know
how to do that, I can't verify this assumption.)

Is anyone using tcp-wrapper support in OpenSSH?

Unless someone speaks up, I am inclined to remove the tcp-wrapper
support restoration patch (as OmniOS did).

Michal
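
Added example (not part of the original message and not OpenIndiana or OpenSSH code): a simplified Python model of the hosts_access(5) decision order, applied to the hosts.allow and hosts.deny contents quoted in the thread, showing what a daemon that actually consults libwrap would decide. The function names are hypothetical, the client names and addresses are constructed, and only ALL, exact names, ".domain" suffixes and "net." prefixes are handled.

```python
# Simplified hosts_access(5) model. Not handled: EXCEPT, LOCAL, netmasks,
# IPv6 literals, user@host patterns and shell-command options.

HOSTS_ALLOW = "sendmail: localhost\n"  # file contents quoted in the thread
HOSTS_DENY = "ALL: ALL\n"


def parse_rules(text):
    """Return a list of (daemon_patterns, client_patterns) per rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed rule, skipped in this model
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules


def token_matches(pattern, value):
    """Match one pattern against a daemon name, host name or address."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # ".example.net" matches any host in it
        return value.lower().endswith(pattern.lower())
    if pattern.endswith("."):        # "192.0.2." matches that address prefix
        return value.startswith(pattern)
    return pattern.lower() == value.lower()


def rule_matches(rules, daemon, client_names):
    """True if any rule matches the daemon and one of the client's names."""
    for daemons, clients in rules:
        if any(token_matches(d, daemon) for d in daemons) and any(
            token_matches(c, n) for c in clients for n in client_names
        ):
            return True
    return False


def access_granted(daemon, client_names, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is checked first, then hosts.deny; no match means grant."""
    if rule_matches(parse_rules(allow), daemon, client_names):
        return True
    if rule_matches(parse_rules(deny), daemon, client_names):
        return False
    return True
```

With the quoted files, access_granted("sshd", ["client.example.net", "192.0.2.10"]) returns False, which is the result Hubert expected from sshd.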