From: "Michael K. Smith"
Date: Wed, 07 May 2003 09:31:00 -0700
To: Dan Nelson
Cc: FreeBSD Questions
Subject: Re: Where is tcpd?
In-Reply-To: <20030507155409.GK63345@dan.emsphone.com>

On 5/7/03 8:54 AM, "Dan Nelson" wrote:

> In the last episode (May 07), Michael K. Smith said:
>> Then I must have a misconfiguration somewhere. Here's what my
>> inetd.conf entry looks like:
>>
>> ssh stream tcp nowait root /usr/sbin/sshd sshd -I
>>
>> And here is my inetd process:
>>
>> root 16368 0.0 0.3 1076 812 ?? Is 7:50AM 0:00.01 /usr/sbin/inetd -wW
>>
>> And my /etc/hosts.allow entry:
>>
>> sshd : .noanet.net
>>
>> But, when I run tcpdchk, I get:
>>
>> warning: /etc/hosts.allow, line 23: sshd: service possibly not wrapped
>
> Tcpdchk doesn't know if you're running inetd with the -w flag, so it
> says 'possibly not wrapped'. Since you are running with -w, you can
> ignore it.
>
> Also, I don't think sshd takes a -I argument. Why not just run it on
> startup (sshd_enable="YES" in /etc/rc.conf)? sshd has tcp-wrapper
> support builtin too, so you shouldn't need to launch a new copy from
> inetd on every connect.

I was originally trying to do that. I'm running OpenSSH 3.6.1p2 with
libwrap and tcp-wrappers configured, but it doesn't seem to read the
hosts.allow file (since I can connect from anywhere). Thus, I thought I
would try the inetd model to see if that worked.

If I remove the -i in inetd.conf it doesn't work at all, even from
allowed hosts.

Mike

--
Michael K. Smith    NoaNet
206.219.7116 (work)
206.579.8360 (cell)
mksmith@noanet.net
http://www.noanet.net