I tried to implement a similar scheme in my hosts.allow on a FreeBSD 5.2.1 server. But when I try to test it from an IP outside my LAN, it still allows ssh logins. I even put in a line in hosts.allow to explicitly deny the IP I was ssh'ing from, but it still let me in.

The behavior gives the appearance that TCP wrappers are not enabled, and thus the /etc/hosts.allow file is ignored. Is there something I need to do to enable the wrappers in sshd? I saw that there is a compile option for the portable source from openssh.org, so I wonder if there is some compile option that needs to be enabled in make.conf?

I have gone through the documentation for sshd_config, sshd, make.conf, etc. but am not finding anything to change.

-Derek

At 07:37 AM 9/19/2004, Terry wrote:
>I had the same problem so I set up hosts.allow to only allow access from
>certain IPs I require.
>This has the effect of killing the connection from any other IP before
>getting to any login prompt.
>Example below:
>sshd : localhost : allow
>sshd : 192.168.2. : allow
>sshd : 82.41.115.213 :allow
>sshd : 216.123.248.219 : allow <-- public IP I wish to allow; of course I have changed it
>sshd : all : deny
>
>This then shows in the log instead of failed login attempts:
>
>dot.blah.co.uk refused connections:
>Sep 17 22:11:55 dlt sshd[35669]: refused connect from usen-219x113x213x21.ap-US.usen.ad.jp (219.113.213.21)
>
>Regards Terry
>
>
>_______________________________________________
>freebsd-security@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
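
An added example, not part of the thread and not libwrap's own code: a simplified Python model of how TCP wrappers evaluate option-style rules such as the ones Terry posted, where the first rule matching daemon and client decides. The leading `ALL : ALL : allow` line in the second ruleset is constructed to show how an earlier catch-all makes later deny lines unreachable; the function names are hypothetical and only IPv4 patterns are handled.

```python
# Simplified model of hosts.allow evaluation with "allow"/"deny" options:
# rules are read top to bottom and the first match wins.

def parse_rules(text):
    """Parse 'daemon : client : action' lines into tuples, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = [f.strip() for f in line.split(":")]
        if len(fields) == 3 and all(fields):
            rules.append((fields[0], fields[1], fields[2].lower()))
    return rules

def client_matches(pattern, ip, hostname=None):
    if pattern.upper() == "ALL":
        return True
    if pattern.endswith("."):          # "192.168.2." matches by address prefix
        return ip.startswith(pattern)
    return pattern == ip or (hostname is not None and pattern == hostname)

def decide(rules, daemon, ip, hostname=None):
    """Return (action, 1-based number of the deciding rule or None)."""
    for n, (d, client, action) in enumerate(rules, 1):
        daemon_ok = d.upper() == "ALL" or d.lower() == daemon.lower()
        if daemon_ok and client_matches(client, ip, hostname):
            return action, n
    return "allow", None               # nothing matched: access is granted

# Ruleset from the thread (inline annotation dropped).
THREAD_RULES = """\
sshd : localhost : allow
sshd : 192.168.2. : allow
sshd : 82.41.115.213 :allow
sshd : 216.123.248.219 : allow
sshd : all : deny
"""

# Constructed variant: a catch-all allow placed ahead of the same rules.
SHADOWED_RULES = "ALL : ALL : allow\n" + THREAD_RULES

if __name__ == "__main__":
    for name, text in (("thread", THREAD_RULES), ("shadowed", SHADOWED_RULES)):
        rules = parse_rules(text)
        for ip in ("192.168.2.10", "219.113.213.21"):
            print(name, ip, decide(rules, "sshd", ip))
```

When an explicit deny line appears to be ignored, checking which rule number actually decides for the test address separates a rule-order problem from sshd not consulting the file at all.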