Date: Mon, 24 Jul 2000 10:10:08 +0200
From: "Victor Ivanov" <v0rbiz@icon-bg.net>
To: <freebsd-security@FreeBSD.ORG>
Subject: Re: ssh2 bypasses host.allow in /etc/login.conf?
Message-ID: <004601bff546$9cfe71a0$03c507d4@icon1.icon-bg.net>

| On Sun, 23 Jul 2000, Dmitry Pryanishnikov wrote:
|
| > Maybe I've missed something, but I mean NOT a file host.allow, but the
| > BSD-native login class restrictions written in /etc/login.conf, which
| > are checked with auth_hostok() (or login_getclass()/login_getcapstr() as
| > in sshd.c from ssh1). Of course, make WITH_TCPWRAP=yes doesn't help!
|
| So... are these methods also in ssh2's .c file? Just curious... As Paul
| mentioned, not all version 1 features were carried over to version
| 2. Maybe this is just a case of getting bitten by this fact. Have you
| tried OpenSSH? A much better solution, IMCO.
| I can do some tests with OpenSSH if you want (rushing out the door
| ATM). I usually always use /etc/hosts.allow to control access anyhow,
| because a CGI (allowing me to add hosts to hosts.allow from an SSL
| webpage) I wrote points to it and I'm too lazy to change it. ;)
|
| -mrh

login.conf is for login. It is no good if a program depends on
another program's config file which is subject to change... (I think)

Maybe ssh2 does not use login? Like OpenSSH? Or is it enabled with some option?
Is there a 'UseLogin' option in the ssh2 config file (or something like it?)

Have fun