Problem with openssh-4.0p1 and tcp wrappers on RH7.2(Scyld)
Dan Yefimov
dan at lightwave.net.ru
Tue Apr 19 23:45:37 EST 2005
On Mon, 18 Apr 2005, Bengt Svensson wrote:
> Once the problem with the typo's has been clarified. Any suggestions why
> openssh-4.0p1 will not work with tcpwrappers? What else could I have
> missed? How can I troubelshoot this further?
>
It doesn't work since while using privilege separation unprivileged part
interacting with a client and checking access premissions runs in a chroot'ed
environment where /etc/hosts.{allow,deny} don't exist. There are 2 different
solutions: either disable privilege separation, or copy meantioned files under
/var/empty/etc. Generally speaking, privilege separation breaks many things,
which was noticed many times on this list by different people, so unless you
absolutely need it disable it.
>
> My purpose for installing openssh-4.0p1 replacing openssh-3.1p1 is to
> improve security. However, since I cannot get the tcpwrappers to work with
> openssh-4.0p1 on our RH7.2 (Scyld) system. I may be better off reverting
> back to openssh-3.1p1 where tcpwrappers works.
>
As it was noticed above, there's no need for that.
--
Sincerely Your, Dan.
More information about the openssh-unix-dev
mailing list