Date:      Sun, 23 Jul 2000 09:35:41 -0400 (EDT)
From:      Paul Boehmer <pboehmer@seidata.com>
To:        Dmitry Pryanishnikov <dmitry@digital.dp.ua>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: ssh2 bypasses host.allow in /etc/login.conf?
Message-ID:  <Pine.BSF.4.10.10007230929380.3565-100000@shell.seidata.com>
In-Reply-To: <Pine.BSF.4.21.0007231516570.10780-100000@ff.dsu.dp.ua>


You need to compile ssh2 with tcpwrapper support in order to use the
host.allow file; it is clearly stated in the documentation.

On a side note, I do miss the ssh1 options AllowUser and AllowGroup that
did not make it to the ssh2 implementation; that's pretty much why I have
stuck to ssh1 and openssh on most of my boxes.

Paul Boehmer
pboehmer@seidata.com

On Sun, 23 Jul 2000, Dmitry Pryanishnikov wrote:

> 
> Hello!
> 
>  I've just discovered that ssh2 on FreeBSD bypasses the host.allow check in
> /etc/login.conf while ssh1 does not! That is, I've added a user with the class
> guest and added a login class guest to /etc/login.conf:
> 
> guest:\
>         :host.allow=192.168.18.*:\
>         :tc=default:
> 
> So I want to deny such a user's login from any machine except one of our local
> networks. I've checked telnet, ftp, rlogin, rsh, ssh1 - all those utilities
> honoured the login restriction, while ssh2 does not.
>  Is it a known problem? Does a solution exist?
> 
> 
> Sincerely, Dmitry
> 
> Dnipropetrovsk State University,        E-mail:  dmitry@digital.dp.ua
> Physical Faculty,                       WWW:      http://ff.dsu.dp.ua
> Department of Experimental Physics      
> Dnipropetrovsk, Ukraine                 FTP:  ftp://digital.dp.ua/DEC
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 







Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10007230929380.3565-100000>
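
The host.allow capability in the question only has an effect when the login program itself looks it up and tests the connecting host against it, which is why one daemon can honour it and another can ignore it. The sketch below is an added example, not code from either message, from ssh2 or from FreeBSD: it evaluates the guest class from the question against constructed client addresses. Assumptions: the function names are hypothetical, matching is modelled as case-insensitive shell-style globbing with the allow list checked before the deny list, tc= inheritance is not followed, and values containing ":" (such as IPv6 addresses) are not handled.

```python
from fnmatch import fnmatchcase
import re

# The login class from the original message (login.conf record syntax).
LOGIN_CONF = r"""
guest:\
        :host.allow=192.168.18.*:\
        :tc=default:
"""

def parse_class(text, name):
    """Return {capability: value} for one class, or None if it is absent."""
    joined = re.sub(r"\\\n\s*", "", text)  # fold backslash-continued lines
    for record in joined.splitlines():
        record = record.strip()
        if not record or record.startswith("#"):
            continue
        fields = [f for f in record.split(":") if f]
        if name in fields[0].split("|"):
            return dict(f.split("=", 1) if "=" in f else (f, "")
                        for f in fields[1:])
    return None

def host_ok(caps, host, ip):
    """Allow list first, then deny list; a missing list imposes no limit."""
    def in_list(key):
        pats = [p for p in re.split(r"[,\s]+", caps.get(key, "")) if p]
        hit = any(fnmatchcase(v.lower(), p.lower())
                  for p in pats for v in (host, ip) if v)
        return pats, hit

    allow, allowed = in_list("host.allow")
    if allow and not allowed:
        return False          # an allow list exists and nothing matched
    deny, denied = in_list("host.deny")
    return not (deny and denied)

if __name__ == "__main__":
    guest = parse_class(LOGIN_CONF, "guest")
    # Constructed sample clients: (reverse-resolved name, address).
    for host, ip in [("", "192.168.18.7"), ("", "192.168.180.7"),
                     ("gw.example.org", "10.0.0.5")]:
        verdict = "allow" if host_ok(guest, host, ip) else "deny"
        print(f"{ip:15} {verdict}")
```

A service that authenticates users without performing an equivalent lookup gives no effect to the class restriction, so a second control such as a packet filter or TCP wrappers is worth keeping in front of it.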