Blocking hosts with OpenSSH and TCP Wrappers, because AllowHosts/DenyHosts are
not allowed in sshd_config
[root@igloo /root]# uname -a
Linux igloo.its.unimacq.edu.au 2.2.17-14smp #1 SMP Mon Feb 5 15:48:47 EST 2001 i686 unknown
[root@igloo /root]# rpm -qa|grep tcp_wrappers
tcp_wrappers-7.6-15
[root@igloo /root]# rpm -qa|grep openssh
openssh-askpass-2.3.0p1-4
openssh-2.3.0p1-4
openssh-askpass-gnome-2.3.0p1-4
openssh-server-2.3.0p1-4
openssh-clients-2.3.0p1-4
From the sshd manual:
...
/etc/hosts.allow, /etc/hosts.deny
If compiled with LIBWRAP support, tcp-wrappers access controls
may be defined here as described in hosts_access(5).
...
[root@igloo /root]# cat /etc/hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
ALL: ALL
[root@igloo /root]# cat /etc/hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
ALL: igloo.its.unimacq.edu.au \
oscar.its.unimacq.edu.au
[root@igloo /root]# /etc/rc.d/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@igloo /root]# /etc/rc.d/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
The host oscar can ssh to igloo. Otherwise:
[terrence@oscar terrence]$ ssh igloo
Connection closed by foreign host.
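
The decision order that makes the two files above work together, as an added example (not code from tcp_wrappers or from this page). It is a simplified model of hosts_access(5); the 192.0.2.x addresses and the function names are assumptions made for illustration.

```python
# Added example: simplified hosts_access(5) decision order, not tcp_wrappers code.
# Supports ALL, exact names/addresses, ".domain" and "prefix." patterns only.

# Constructed copies of the two rule sets shown on this page.
HOSTS_ALLOW = """\
ALL: igloo.its.unimacq.edu.au \\
oscar.its.unimacq.edu.au
"""
HOSTS_DENY = "ALL: ALL\n"

def parse_rules(text):
    """Return [(daemon_list, client_list)], joining backslash-continued lines."""
    rules, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1] + " "
            continue
        pending = ""
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, name, addr):
    p = pattern.lower()
    if p == "all":
        return True
    if p.startswith("."):   # ".its.unimacq.edu.au": any host in that domain
        return name.lower().endswith(p)
    if p.endswith("."):     # "192.0.2.": any address with that prefix
        return addr.startswith(p)
    return p in (name.lower(), addr)

def rule_hit(rules, daemon, name, addr):
    return any(
        any(d.lower() in ("all", daemon) for d in daemons)
        and any(client_matches(c, name, addr) for c in clients)
        for daemons, clients in rules)

def access_granted(daemon, name, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """name is assumed to be the result of a reverse lookup of addr."""
    if rule_hit(parse_rules(allow), daemon, name, addr):
        return True     # 1. a hosts.allow match grants access
    if rule_hit(parse_rules(deny), daemon, name, addr):
        return False    # 2. a hosts.deny match denies access
    return True         # 3. no match in either file: access is granted
```

Calling access_granted with deny="" shows why the ALL: ALL line in hosts.deny matters: without it, a host that is missing from hosts.allow is still granted access.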