I just retested on FC3. The ssh that comes with the standard repos does honor the /etc/hosts.allow and /etc/hosts.deny files. I am not real familiar with the HOSTDENY program, but if it updates /etc/hosts.deny, ssh will honor it. The tcpwrappers program also checks /etc/hosts.deny and /etc/hosts.allow.
You can easily test this by hand.
Bob Styma
On 8/24/05, STYMA, ROBERT E (ROBERT) stymar@lucent.com wrote:
I just retested on FC3. The ssh that comes with the standard repos does honor the /etc/hosts.allow and /etc/hosts.deny files. I am not real familiar with the HOSTDENY program, but if it updates /etc/hosts.deny, ssh will honor it. The tcpwrappers program also checks /etc/hosts.deny and /etc/hosts.allow.
You can easily test this by hand.
What I did was the following:
(I am logged in via ssh on a remote host.)
1. Open /etc/hosts.deny 2. Add a line that reads "sshd: 127.0.0.1" 3. Save and exit 4. 'service sshd restart' 5. 'ssh localhost'
The document I linked to earlier says I should get the following message "ssh_exchange_identification: Connection closed by remote host". Instead I just get a new RSA key fingerprint message.
Am I doing something wrong or is there another way to test it?
Thanks, Chris.
Bob Styma
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
/etc/hosts.allow and /etc/hosts.deny files.
I just wanted to ask for a string for every of these both files that would serve the purposes these files are for. - As i read its mans and didn't get how to that myself...