Problem with openssh-4.0p1 and tcp wrappers on RH7.2(Scyld)
Bengt Svensson
bsven at msi.umn.edu
Sat Apr 16 12:34:46 EST 2005
I have tried to update openssh-3.1p1 of our system that uses RH7.2 (Scyld).
It is pretty much a standard Redhat 7.2 install with openssl-0.9.6b,
zlib-1.1.4 etc.
I have gotten openssh to work after some initial issues, but I still
have not been able to get openssh/sshd to work with tcp-wrappers.
I have in hosts.deny
ALL: ALL:
and in hosts.allow
ALL: localhost, 127.0.0.1, 192.168.1.
and still I can connect with ssh from outside that allowed ip range.
tcp-wrapper is working, anything else but ssh is blocked.
On another machine that is running the same OS but with openssh-3.1p1 the
blocking works.
What could be the problem? Why can't I block ssh logins?
Can someone explain to me what is going on and how I can improve the
situation.
I followed the instructions in the INSTALL file and compiled an
openssh-4.0p1 with the following options (to match the dirs of the
previous version). The configure output is attached.
$ ./configure --prefix= --sysconfdir=/etc/ssh \
    --libexecdir=/usr/libexec/openssh --mandir=/usr/share/man \
    --with-tcp-wrappers -with-md5-passwords
$ make
$ make install
To get things to work I had to perform the following steps that were not
described in the INSTALL file. I wish the INSTALL file would have been
more thorough and mentioned this.
$ mkdir /var/empty
$ chown root:sys /var/empty
$ chmod 755 /var/empty
$ groupadd -g 74 sshd
$ useradd -g sshd -c 'Privilege-separated SSH' -u 74 -d /var/empty \
    -s /bin/nologin sshd
I then restarted sshd with
$ /etc/init.d/sshd restart
or rebooted the system.
The previous version might have had PAM included, but when I add -with-pam
to configure, I get some more warnings at compile and an error of
something like 'Unsupported option' when sshd is restarted and when
I have UsePAM yes in the sshd_config file.
Another issue I have found is that when enabling the
'MaxAuthTries 3' option in sssh_config (as I have seen recommended) and
restarting sshd, I get the message 'Bad Configuration option' and sshd will
not start.
I would appreciate any help.
Thanks,
Bengt Svensson
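
The access decision the two files quoted in the post should produce, as an added example that is not part of the original message and is not libwrap's code: a minimal evaluator for the subset of hosts_access(5) syntax used above. The function names and the client addresses used to exercise it are constructed for illustration.

```python
# Added example (not libwrap): evaluates a subset of hosts_access(5) rules.
# Supported client patterns: ALL, exact string, "192.168.1." address prefix,
# ".example.com" name suffix. IPv6 literals and options are not handled.

HOSTS_ALLOW = "ALL: localhost, 127.0.0.1, 192.168.1.\n"  # as quoted in the post
HOSTS_DENY = "ALL: ALL:\n"                                # as quoted in the post


def parse_rules(text):
    """Return [(daemon_patterns, client_patterns), ...] from file contents."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # no client list: skip malformed line
        # List items are separated by blanks and/or commas; a third field
        # (shell command) is ignored by this evaluator.
        rules.append(tuple(f.replace(",", " ").split() for f in fields[:2]))
    return rules


def client_matches(pattern, addr, host):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # address prefix
        return addr.startswith(pattern)
    if pattern.startswith("."):      # host name suffix
        return host is not None and host.lower().endswith(pattern.lower())
    return pattern == addr or (host is not None and pattern.lower() == host.lower())


def rule_hit(rules, daemon, addr, host):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, addr, host) for c in clients)
        for daemons, clients in rules
    )


def decide(daemon, addr, host=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is checked first, then hosts.deny; no match grants access."""
    if rule_hit(parse_rules(allow), daemon, addr, host):
        return "allow"
    if rule_hit(parse_rules(deny), daemon, addr, host):
        return "deny"
    return "allow"
```

When decide("sshd", addr) returns "deny" for an address that the running sshd still accepts, that points to the rules not being consulted by that sshd binary rather than to the rules themselves.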