Problem with openssh-4.0p1 and tcp wrappers on RH7.2(Scyld)

Dan Yefimov dan at
Tue Apr 19 23:45:37 EST 2005

On Mon, 18 Apr 2005, Bengt Svensson wrote:

> Once the problem with the typo's has been clarified. Any suggestions why 
> openssh-4.0p1 will not work with tcpwrappers? What else could I have 
> missed? How can I troubelshoot this further?
It doesn't work since while using privilege separation unprivileged part 
interacting with a client and checking access premissions runs in a chroot'ed 
environment where /etc/hosts.{allow,deny} don't exist. There are 2 different 
solutions: either disable privilege separation, or copy meantioned files under 
/var/empty/etc. Generally speaking, privilege separation breaks many things, 
which was noticed many times on this list by different people, so unless you 
absolutely need it disable it.
> My purpose for installing openssh-4.0p1 replacing openssh-3.1p1 is to 
> improve security. However, since I cannot get the tcpwrappers to work with 
> openssh-4.0p1 on our RH7.2 (Scyld) system. I may be better off reverting 
> back to openssh-3.1p1 where tcpwrappers works.
As it was noticed above, there's no need for that.

    Sincerely Your, Dan.

More information about the openssh-unix-dev mailing list