Hello,
The error is in the hosts.deny file.
It should be:
ALL: ALL
Not
ALL: PARANOID
The "PARANOID" "client" is described thusly in the man page (hosts_access):
"Matches any host whose name does not match its address."
This means if the host is in the DNS server, it will happily connect.
On Wed, Nov 01, 2006 at 05:00:16PM -0500, Rob Munsch wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Justin Pryzby wrote:
>
> > You do realize that /etc/hosts.allow is checked before hosts.deny?
>
> yes, that's why i added my office's IP to hosts.allow before setting up
> denyhosts;
On Wed, Nov 01, 2006 at 03:43:06PM -0500, Rob Munsch wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Yes, i understand the hosts.deny syntax. Here's a sample of the file:
>
> ALL: 59.124.63.98
> ALL: 61.187.78.23
>
> sshd: 216.75.32.2
> sshd: 222.122.56.141
>
> ...
>
> I have som
Could you post a complete copy of /etc/hosts.deny as an attachment? I'm
thinking that perhaps it contains a non-displayable character which is
confusing libwrap... a long shot, admittedly, but I've seen this sort of
thing in the past.
Also, what platform is the affected server?
signature.asc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I was really sort of hoping someone would find similar behaviour. nuts.
I will check around the affected servers and see what else they have in
common. What's stranger is i was fairly certain that this was working
correctly some time ago, but all cur
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yes, i understand the hosts.deny syntax. Here's a sample of the file:
ALL: 59.124.63.98
ALL: 61.187.78.23
sshd: 216.75.32.2
sshd: 222.122.56.141
...
I have something called DenyHosts which looks at auth.log, checks for X
number of bogus login atte
Package: openssh-server
Followup-For: Bug #395535
I've tried reproducing this with two versions (p2-3 and p2-5) of the
openssh-server package,
and the example provided by Greg Morris works fine with both versions.
However, the original poster reported this not working (i.e. the connectio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
By the by, these are production systems. "Just install X from sid" is
not really a viable option. :)
- --
Rob Munsch
Solutions For Progress IT
www.solutionsforprogress.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greg Norris wrote:
> I just checked this using version 1:4.3p2-5.1 from sid, and it appears
> to be working as expected.
>
>[EMAIL PROTECTED] tail -2 /etc/hosts.deny
>ALL EXCEPT sshd: PARANOID
>sshd: 127.0.0.1
>
>[EMAIL PROTECTED] s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Package: openssh-server
Version: 1:4.3p2-5
Since i upgraded away from the old, presumably obsolete, version, and
the issue still persists, should i refile the bug and close this one?
As it stands it looks like a bug in an old version, and will probabl
I just checked this using version 1:4.3p2-5.1 from sid, and it appears
to be working as expected.
[EMAIL PROTECTED] tail -2 /etc/hosts.deny
ALL EXCEPT sshd: PARANOID
sshd: 127.0.0.1
[EMAIL PROTECTED] ssh localhost
ssh_exchange_identification: Connection closed by remote host
Aft
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Version: 1:4.3p2-5
Just in case, i upgraded openssh-server
No effect, behaviour remains the same.
- --
Rob Munsch
Solutions For Progress IT
www.solutionsforprogress.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using Gn
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Package: openssh-server
Version: 1:4.3p2-2
Despite being apparently linked against libwrap, the server is not
honoring entries in hosts.deny. I tested this: added 127.0.0.1 to
hosts.deny, ssh localhost, it allows the connection.
I am using DenyHosts
13 matches
Mail list logo
