>>> [EMAIL PROTECTED] 04/21/02 02:31AM >>>
[ Please trim irrelevant content from your replies. It makes reading them
(and reading list archives) easier for all. Thanks. ]
On 20:32 20 Apr 2002, Ian Hendershot <[EMAIL PROTECTED]> wrote:
| | Choose Open.
| | If I choose
| | close window on exit: never
| | I get "connection closed by remote host".
[...]
| Ok, this looks like it may be tcpwrappers. Do you have anything (other
| than comments) in your /etc/hosts.allow and /etc/hosts.deny files?
[...]
| In hosts.allow;
| There is a line that says "in.fingerd : ALL : DENY"
| and a line that says:
| ALL : ALL : spawn (usr/sbin/safe_finger -l @h | /bin/mail -s "Port Denial noted
| %d-%h" root) & : DENY
|
| hosts.deny is all comments.
| I tried the tail -f messages but I still get "connection closed
| by remote host" with no messages
Ok, just looking at the "ALL : ALL..." line, go have a look at root's mail
file for messages with subject "Port Denial noted ...".
It looks like you want to add a line to /etc/hosts.allow. Let us read
in the manual together, starting at "man 5 hosts.allow":
ACCESS CONTROL FILES
The access control software consults two files. The search
stops at the first match:
. Access will be granted when a (daemon,client) pair
matches an entry in the /etc/hosts.allow file.
. Otherwise, access will be denied when a (daemon,client)
pair matches an entry in the /etc/hosts.deny file.
. Otherwise, access will be granted.
A non-existing access control file is treated as if it
were an empty file. Thus, access control can be turned off
by providing no access control files.
So you could ditch (or empty) the /etc/hosts.{deny,allow} files,
or add a line to hosts.allow. For the exercise, let's do the latter.
Under the above part is "ACCESS CONTROL RULES", and point 3 says:
. All other lines should satisfy the following format,
things between [] being optional:
daemon_list : client_list [ : shell_command ]
daemon_list is a list of one or more daemon process names
(argv[0] values) or wildcards (see below).
client_list is a list of one or more host names, host
addresses, patterns or wildcards (see below) that will be
matched against the client host name or address.
So: we want the ssh daemon's name ("sshd") and a client list,
for which we can say "ALL" because ssh should do adequate authentication
for us, say try adding:
sshd : ALL
to the file /etc/hosts.allow, and then retry.
| the last line on the linux box is webserver sshd: succeeded
| for what that's worth
Probably just means the daemon started up ok at boot.
| Now I did the netstat -an | grep 22 and received exactly what you said
Good - the daemon is there.
| then I did the telnet local host 22 and got almost exactly what you said
| except the last line says;
| > telnet localhost 22
| Trying 127.0.0.1...
| Connected to localhost.
| Escape character is '^]'.
| Connection closed by foreign host.
| instead of;
| SSH-1.99-OpenSSH_3.1p1
Yes, this is the characteristic sign of a tcp_wrappers access issue.
With a firewall rule you'll get your connection rejected, and likewise
with the daemon not being active. Tcp_wrappers are used to validate
connections _after_ connection - they work on machines without firewall
rules, and represent another layer of defense. After connection, the
access control files cited above are consulted to see if we're prepared
to talk to this client. If not, we just close the connect and don't run
the main daemon for this service at all, and the client sees a successful
connection immediately followed by a connect close.
Cheers,
--
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
I tried adding
sshd : ALL
to the file /etc/hosts.allow, and then retried,
but no luck. Should I maybe enter a line with the IP address on the
remote computer?
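Added example, not part of the original messages: a simplified Python model of the "search stops at the first match" rule quoted above from hosts.allow(5), showing that where `sshd : ALL` sits relative to a catch-all `ALL : ALL : ... : DENY` line decides the outcome. The rule text is a constructed sample modelled on the lines quoted in the thread, the client address 192.0.2.10 is a placeholder, and only literal names, the ALL wildcard and a trailing ALLOW/DENY option are handled.

```python
# Simplified model of the tcp_wrappers search order (not the real libwrap code).
# Supports literal daemon/client names, the ALL wildcard, and a trailing
# ALLOW or DENY option as used in the thread's hosts.allow.

def parse(text):
    """Yield (daemons, clients, verdict, line) for each rule line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # no client list: not treated as a rule in this model
        last = fields[-1].upper()
        yield fields[0], fields[1], last if last in ("ALLOW", "DENY") else None, line

def matches(pattern_list, value):
    """True if any comma/space separated pattern is ALL or equals value."""
    return any(p in ("ALL", value) for p in pattern_list.replace(",", " ").split())

def check(daemon, client, allow_text, deny_text=""):
    """Return (granted, rule); rule is the first matching line or None."""
    # hosts.allow is searched first; a match there grants unless it says DENY.
    for text, file_default in ((allow_text, True), (deny_text, False)):
        for daemons, clients, verdict, line in parse(text):
            if matches(daemons, daemon) and matches(clients, client):
                granted = file_default if verdict is None else verdict == "ALLOW"
                return granted, line
    return True, None  # nothing matched in either file: access is granted

# Constructed sample modelled on the hosts.allow lines quoted in the thread.
CATCH_ALL = (
    'in.fingerd : ALL : DENY\n'
    'ALL : ALL : spawn (/usr/sbin/safe_finger -l @h | '
    '/bin/mail -s "Port Denial noted %d-%h" root) & : DENY\n'
)
SSHD_LAST = CATCH_ALL + "sshd : ALL\n"    # new rule appended after the catch-all
SSHD_FIRST = "sshd : ALL\n" + CATCH_ALL   # new rule placed before the catch-all

if __name__ == "__main__":
    client = "192.0.2.10"  # placeholder address
    for name, rules in (("sshd last", SSHD_LAST), ("sshd first", SSHD_FIRST)):
        granted, rule = check("sshd", client, rules)
        print(f"{name}: {'granted' if granted else 'denied'} by: {rule}")
```

In this model a `sshd : ALL` line appended below the catch-all is never reached, while the same line placed above it grants the connection and leaves the catch-all in force for every other daemon.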