
#1 2012-01-27 19:04:51

snwiem
Member
Registered: 2012-01-27
Posts: 6

[SOLVED] sshd: hosts.deny, hosts.allow not recognized

Hi,

Just installed a brand new version of 2011.08.19 as netinstall.
All packages are completely up-to-date (pacman -Syu).

I've installed sshd and configured it as described in the wiki page https://wiki.archlinux.org/index.php/OpenSSH.
The server is up and running and I can connect using Putty within the local network.

Next I wanted to restrict the access to sshd, so as usual I created an /etc/hosts.deny which contains the line

ALL: ALL

as described in https://wiki.archlinux.de/title/Hosts.deny.

Even after a reboot of the server machine I still can ssh using Putty to this machine. A hosts.allow is not available btw.

So it seems that hosts.* is not recognized anymore.

Any suggestions what the problem could be?

Kind regards
Sebastian

Last edited by snwiem (2012-01-27 19:57:38)

Offline

#2 2012-01-27 19:10:03

Earnestly
Member
Registered: 2011-08-18
Posts: 805

Re: [SOLVED] sshd: hosts.deny, hosts.allow not recognized

Did you even read the text at the very top of the wiki page you linked?

Note: Support for the system program tcp_wrappers, which has not been developed further since 1997, is being discontinued. hosts.deny (as well as hosts.allow) will then no longer be supported. It is recommended to use iptables instead.

Roughly: hosts.deny and hosts.allow are no longer supported, use iptables instead.

Edit: Also have a look here: http://www.archlinux.org/news/dropping- … s-support/

tcp_wrappers support is being dropped from all packages and the package removed from [core]. This is due to upstream not having released a new version since April 1997. Additionally, newer daemons and applications are inconsistent in their support for libwrap, leading to confusion as to whether an application supports the library.

If you currently use /etc/hosts.allow or /etc/hosts.deny for security or logging purposes, you will need to adjust accordingly and use another tool such as iptables, or other firewall helper programs.

Additionally, the denyhosts package will be dropped as it depends on tcp_wrappers to enforce the banned hosts list. A useful alternative is fail2ban.

Last edited by Earnestly (2012-01-27 19:14:44)

Offline
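
Added example (not part of any post in this thread, and not Arch's own tooling): a check for whether a daemon is linked against libwrap and can therefore read /etc/hosts.deny at all, plus an iptables-restore ruleset that does the job of `ALL: ALL` with a single SSH exception. The function names are hypothetical; the client address is the one from post #3, and IPv4 with sshd on port 22 is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Succeeds if the `ldd` output on stdin lists libwrap. Only daemons linked
# against libwrap ever read /etc/hosts.allow and /etc/hosts.deny.
links_libwrap() {
    grep -q 'libwrap\.so'
}

# Report whether a daemon binary can honor the hosts.* files at all.
check_daemon() {
    if ldd "$1" 2>/dev/null | links_libwrap; then
        echo "$1: linked against libwrap, hosts.* files are consulted"
    else
        echo "$1: no libwrap, hosts.* files are ignored"
    fi
}

# Print an iptables-restore ruleset: drop inbound by default, allow loopback,
# replies to outbound traffic, and new SSH connections from one source only.
# Note: unlike hosts.deny, the DROP policy applies to every inbound service.
ssh_allow_ruleset() {
    src=$1
    port=${2:-22}   # assumption: sshd listens on the default port
    case $src in
        ''|*[!0-9./]*) echo "invalid IPv4 source: $src" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $src --dport $port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# 192.168.1.12 is the example client address from post #3.
ssh_allow_ruleset 192.168.1.12
```

Review the printed ruleset before loading it as root with `iptables-restore`, and run `check_daemon` on the sshd binary to confirm why hosts.deny had no effect. IPv6 traffic needs a matching ip6tables ruleset.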

#3 2012-01-27 19:14:39

SS4
Member
From: !Rochford, Essex
Registered: 2010-12-05
Posts: 699

Re: [SOLVED] sshd: hosts.deny, hosts.allow not recognized

/etc/hosts.* is deprecated. Arch blocks everything which isn't whitelisted.

sshd:192.168.1.12 # laptop - insert the remote machine's IP address in here

No smoking

Offline

#4 2012-01-27 19:59:39

snwiem
Member
Registered: 2012-01-27
Posts: 6

Re: [SOLVED] sshd: hosts.deny, hosts.allow not recognized

Thank you. Using iptables fixed my problem (and I'm still astonished that this isn't supported since 2011-07 anymore ;)

Last edited by snwiem (2012-01-27 20:00:40)

Offline

#5 2012-01-27 20:44:39

Earnestly
Member
Registered: 2011-08-18
Posts: 805

Re: [SOLVED] sshd: hosts.deny, hosts.allow not recognized

It hasn't been "supported" since 1997. :P

Offline
