Hi,
just installed a brand new version of 2011.08.19 as netinstall.
All packages are completely up-to-date (pacman -Syu).
I've installed sshd and configured it as described in the wiki page https://wiki.archlinux.org/index.php/OpenSSH.
The server is up and running and I can connect using putty within the local network.
Next I wanted to restrict the access to sshd, so as usual I created an /etc/hosts.deny which contains the line
ALL: ALL
as described in https://wiki.archlinux.de/title/Hosts.deny.
Even after a reboot of the server machine I still can ssh using Putty to this machine. A hosts.allow is not available btw.
So it seems that hosts.* is not recognized anymore.
Any suggestions what the problem could be?
Kind regards
Sebastian
Last edited by snwiem (2012-01-27 19:57:38)
Did you even read the text at the very top of the wiki page you linked?
Note: Support for the system program tcp_wrappers, which has not been developed further since 1997, is being discontinued. hosts.deny (as well as hosts.allow) will then no longer be supported. It is recommended to use iptables instead.
Roughly: hosts.deny and hosts.allow are no longer supported, use iptables instead.
Edit: Also have a look here: http://www.archlinux.org/news/dropping- … s-support/
tcp_wrappers support is being dropped from all packages and the package removed from [core]. This is due to upstream not having released a new version since April 1997. Additionally, newer daemons and applications are inconsistent in their support for libwrap, leading to confusion as to whether an application supports the library.
If you currently use /etc/hosts.allow or /etc/hosts.deny for security or logging purposes, you will need to adjust accordingly and use another tool such as iptables, or other firewall helper programs.
Additionally, the denyhosts package will be dropped as it depends on tcp_wrappers to enforce the banned hosts list. A useful alternative is fail2ban.
Last edited by Earnestly (2012-01-27 19:14:44)
/etc/hosts.* is deprecated. Arch blocks everything which isn't whitelisted.
sshd:192.168.1.12 # laptop - insert the remote machine's IP address in here
No smoking
Thank you. Using iptables fixed my problem (and I'm still astonished that this isn't supported since 2011-07 anymore)
Last edited by snwiem (2012-01-27 20:00:40)
It hasn't been "supported" since 1997.
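The iptables replacement the thread settles on, as an added example that is not part of any post: a script that turns hosts.allow-style entries (such as the `sshd:192.168.1.12` line quoted above) into an iptables-restore ruleset with a default-deny INPUT policy. The function names `gen_rules` and `port_for` are hypothetical, and the script assumes IPv4, sshd on its default port 22/tcp, and a host that does not forward traffic.

```shell
#!/bin/sh
# Added example: turn hosts.allow-style "daemon:address" lines into an
# iptables-restore ruleset whose INPUT policy plays the role of "ALL: ALL".
# Assumptions: IPv4 only, sshd on its default port 22/tcp, host is not a router.

port_for() {
    case "$1" in
        sshd) echo 22 ;;
        *)    return 1 ;;            # daemon with no known port: caller skips it
    esac
}

gen_rules() {
    # Default deny on INPUT, then loopback and replies to outbound traffic.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # drop trailing comment
        line=$(printf '%s' "$line" | tr -d ' \t')     # drop whitespace
        [ -n "$line" ] || continue
        daemon=${line%%:*}
        addr=${line#*:}
        # Accept only digits, dots and a CIDR slash, so an entry cannot
        # smuggle extra iptables options into the generated rule.
        case "$addr" in
            ''|*[!0-9./]*) echo "skipping bad address: $addr" >&2; continue ;;
        esac
        port=$(port_for "$daemon") || { echo "skipping $daemon" >&2; continue; }
        printf '%s\n' \
            "-A INPUT -p tcp -s $addr --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample input: the hosts.allow entry quoted in the thread.
printf 'sshd:192.168.1.12 # laptop\n' | gen_rules
```

On the server, the output can be piped into `iptables-restore` as root to load it. Keep a local console open while testing, since the INPUT policy drops every connection that no rule accepts.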