TCLUG Archive

Re: [TCLUG:3567] More Security Questions...



On 21 Jan, Hans Davin Umhoefer wrote:
> Scott K. Johnson wrote:
>> When you guys say you block other ports, do you simply comment out the
>> corresponding entry in /etc/services?  Or is there more to it than that?
>> 
>> From what I understand (no smart remarks...8p), tcp wrappers are used with
>> services like ftp, telnet, etc.  Can they be used with ssh?  How does that
>> relationship work?
> 
> I use tcpwrappers with ssh. I had to run the daemons through inetd though. It's not too hard. ssh runs on port 22 by default. Just add this into /etc/services
> 
> ssh	22/tcp
> 
> and this into /etc/inetd.conf
> 
> ssh     stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/local/sbin/sshd1 -i
> 
> type
> 
> restart inetd and sshd should be started when a request comes in. Make sure you do not try to run sshd from the shell or one of the rc files. Now you will be able to control ssh access using the /etc/hosts.* files. You should also get more detailed log entries.  
> 
You can also just make sure you compile ssh with tcpwrappers support
and you don't have to start it in inetd.conf.
-- 
Jon Schewe
schewe@tcfreenet.org
http://tcfreenet.org/~schewe
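
An added example, not part of the original thread: a simplified Python model of how the /etc/hosts.* files are evaluated for the inetd entry quoted above. It assumes the daemon name tcpd matches on is `sshd1` (the basename of the server path in that inetd.conf line); the rule texts and addresses are constructed samples, and only a subset of the pattern syntax is modelled.

```python
# Simplified model of hosts_access(5) lookup order (added example, not from the thread).
# Pattern subset: ALL, an exact address, or a trailing-dot address prefix ("192.0.2.").

def parse_rules(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny style text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed line; skipped in this model
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return addr.startswith(pattern)
    return pattern == addr

def any_rule_matches(rules, daemon, addr):
    return any(
        ("ALL" in daemons or daemon in daemons)
        and any(client_matches(p, addr) for p in clients)
        for daemons, clients in rules
    )

def access(allow_text, deny_text, daemon, addr):
    """hosts.allow is consulted first, then hosts.deny; no match means access is granted."""
    if any_rule_matches(parse_rules(allow_text), daemon, addr):
        return "allow"
    if any_rule_matches(parse_rules(deny_text), daemon, addr):
        return "deny"
    return "allow"

# Constructed sample files; addresses are documentation ranges.
ALLOW = "sshd1: 192.0.2.\n"   # daemon name = basename of the server path in inetd.conf
DENY_ALL = "ALL: ALL\n"

if __name__ == "__main__":
    for deny in ("", DENY_ALL):
        for addr in ("192.0.2.10", "198.51.100.7"):
            print(repr(deny), addr, access(ALLOW, deny, "sshd1", addr))
```

With an empty hosts.deny the allow rule restricts nothing, because a client that matches neither file is granted access; a rule written for `sshd` also never matches a daemon that runs as `sshd1`.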