#1 2008-02-12 22:30:03

Vieira
Member
From: Lisbon, Portugal
Registered: 2007-08-16
Posts: 45

hosts.deny is ignored

Denyhosts is adding some IPs to the hosts.deny file as expected. However, these IPs are still allowed to access ssh.
I've tried adding my own IP address to the file, but I could still access ssh and log in, etc. I've also tested with other people and none of them was blocked. My hosts.allow file is empty and my hosts.deny is in the following form:

ALL: xxx.xxx.xxx.xxx

The only way to block access to ssh is adding this line to hosts.deny:

ALL: ALL

Thanks in advance for any help.

#2 2008-02-13 02:45:26

quad3d@work
Member
From: Austin, TX
Registered: 2006-12-29
Posts: 81

Re: hosts.deny is ignored

TCP Wrapper.

Read up...

#3 2008-02-13 15:06:35

Vieira
Member
From: Lisbon, Portugal
Registered: 2007-08-16
Posts: 45

Re: hosts.deny is ignored

I've read it before posting. What am I missing?

#4 2008-02-13 15:57:13

jacko
Member
Registered: 2007-11-23
Posts: 840

Re: hosts.deny is ignored

what am i missing?

15.2.3.2. Access Control

Option fields also allow administrators to explicitly allow or deny hosts in a single rule by adding the allow or deny directive as the final option.

For instance, the following two rules allow SSH connections from client-1.example.com, but deny connections from client-2.example.com:

sshd : client-1.example.com : allow
sshd : client-2.example.com : deny

By allowing access control on a per-rule basis, the option field allows administrators to consolidate all access rules into a single file: either hosts.allow or hosts.deny. Some consider this an easier way of organizing access rules.

maybe u could try this? or maybe double check this...

If the last line of a hosts access file is not a newline character (created by pressing the [Enter] key), the last rule in the file will fail and an error will be logged to either /var/log/messages or /var/log/secure. This is also the case for rule lines that span multiple lines without using the backslash.

in other words, press 'enter' twice after u enter the last rule.

Last edited by jacko (2008-02-13 16:08:02)
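
The two pitfalls quoted in the post above (a last rule with no terminating newline, and a rule spread over several lines without a backslash) can be checked mechanically. The following is an added example, not part of the thread and not TCP Wrappers code: the function names are hypothetical, the sample file is constructed, and client matching covers only `ALL`, literal addresses and `n.n.n.` prefixes.

```python
def logical_lines(text):
    """Yield (line_no, rule, terminated) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(keepends=True), 1):
        start = start or no
        line = raw.rstrip("\r\n")
        if line.endswith("\\"):          # explicit continuation: keep reading
            buf += line[:-1]
            continue
        rule = (buf + line).strip()
        if rule and not rule.startswith("#"):
            yield start, rule, raw.endswith("\n")
        buf, start = "", None
    if buf.strip():                      # file ended in the middle of a continuation
        yield start, buf.strip(), False

def client_matches(pattern, ip):
    """Subset of hosts_access(5) patterns: ALL, exact address, 'n.n.n.' prefix."""
    return pattern in ("ALL", ip) or (pattern.endswith(".") and ip.startswith(pattern))

def check(text, daemon, ip):
    """Return (problems, first rule matching daemon/ip or None)."""
    problems, matched = [], None
    for no, rule, terminated in logical_lines(text):
        fields = [f.strip() for f in rule.split(":")]
        if not terminated:               # per the quoted documentation, this rule fails
            problems.append((no, "no final newline"))
        elif len(fields) < 2 or not fields[0] or not fields[1]:
            problems.append((no, "not 'daemon_list : client_list'"))
        elif matched is None:
            daemons = fields[0].replace(",", " ").split()
            clients = fields[1].replace(",", " ").split()
            if any(d in ("ALL", daemon) for d in daemons) and \
               any(client_matches(c, ip) for c in clients):
                matched = (no, rule)
    return problems, matched

SAMPLE = (  # constructed hosts.deny content using documentation address ranges
    "# added by hand\n"
    "ALL: 203.0.113.7\n"
    "sshd: 198.51.100.,\n"
    "      192.0.2.9\n"        # continuation WITHOUT a backslash: line 4 is malformed
    "sshd: 192.0.2.50 \\\n"
    "      192.0.2.51\n"       # continuation WITH a backslash: one rule, lines 5-6
    "ALL: 192.0.2.200"         # last rule, no terminating newline
)

if __name__ == "__main__":
    for ip in ("203.0.113.7", "192.0.2.9", "192.0.2.51", "192.0.2.200"):
        print(ip, check(SAMPLE, "sshd", ip))
```

A client that returns no matching rule here falls through the deny file, which is the symptom described in the first post; the reported line numbers point at the rule to repair.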

#5 2008-02-13 18:33:02

Vieira
Member
From: Lisbon, Portugal
Registered: 2007-08-16
Posts: 45

Re: hosts.deny is ignored

I've tried the two things you suggested without success :(
Any other idea?
Thanks for your help.

#6 2008-02-13 18:58:31

jacko
Member
Registered: 2007-11-23
Posts: 840

Re: hosts.deny is ignored

did u check the logs? probably the next place to start, logically.

#7 2008-02-14 03:32:18

Pudge
Arch Linux f@h Team Member
Registered: 2006-01-23
Posts: 300

Re: hosts.deny is ignored

I don't know if this will fix your problem or not, but it's worth a try.

I have found that if you leave the following line in /etc/ssh/sshd_config at the default value of:

ListenAddress 0.0.0.0

in some cases this will cause tcpwrapper to ignore any commands in ssh, hosts.deny, and hosts.allow.

I always set ListenAddress to the local static IP address assigned to eth0 for that computer.  In other words, you are telling the sshd Daemon to only listen for incoming messages with the IP address of this computer, and ignore any incoming messages with any other IP address.  I set it as follows:

ListenAddress 192.168.0.X

Here is a tutorial I wrote on SSH and SSHFS that could possibly give you some other things to try.

HTH

Pudge
