On Fri, 2004-Sep-24 08:22:12 -0500, Derek Ragona wrote: >I tried to implement a similar scheme in my hosts.allow on a FreeBSD 5.2.1 >server. But when I try to test it from an IP outside my LAN, it still >allows ssh logins. I even put in a line in hosts.allow to explicitly deny >the IP I was ssh'ing from, but it still let me in. The behavior gives the >appearance that TCP wrappers are not enabled, and thus the /etc/hosts.allow >file is ignored. > >Is there something I need to do to enable the wrappers in sshd? I saw that >there is a compile option for the portable source from openssh.org, so I >wonder if there is some compile option that needs to be enabled in >make.conf? Depending on how TCP wrappers are integrated into SSH, one possibility is that you need /var/empty/etc/hosts.{allow,deny} -- Peter Jeremy _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"