From owner-freebsd-security Mon Jul 24 6:13:17 2000 Delivered-To: freebsd-security@freebsd.org Received: from ff.dsu.dp.ua (ff.dsu.dp.ua [194.44.184.254]) by hub.freebsd.org (Postfix) with ESMTP id EB24E37BA78 for ; Mon, 24 Jul 2000 06:12:36 -0700 (PDT) (envelope-from dmitry@digital.dp.ua) Received: from localhost (dmitry@localhost) by ff.dsu.dp.ua (8.9.3/8.9.3) with ESMTP id QAA45625; Mon, 24 Jul 2000 16:12:07 +0300 (EEST) (envelope-from dmitry@digital.dp.ua) Date: Mon, 24 Jul 2000 16:12:06 +0300 (EEST) From: Dmitry Pryanishnikov X-Sender: dmitry@ff.dsu.dp.ua To: Mike Hoskins Cc: Paul Boehmer , freebsd-security@FreeBSD.ORG Subject: Re: ssh2 bypasses host.allow in /etc/login.conf? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello! On Sun, 23 Jul 2000, Mike Hoskins wrote: > On Sun, 23 Jul 2000, Dmitry Pryanishnikov wrote: > > > Maybe I've missed something, but I mean NOT a file host.allow, but the > > BSD-native login class restrictions written in /etc/login.conf, which > > checked with auth_hostok() (or login_getclass()/login_getcapstr() as > > in sshd.c from ssh1). Of course, make WITH_TCPWRAP=yes doesn't help! > > So... are these methods also in ssh2's .c file? Just curious... As Paul I haven't found them there ;( > 2. Maybe this is just a case of getting bitten by this fact. Have you > tried OpenSSH? A much better solution, IMCO. Sorry, I don't have sufficient time now, maybe later I'll try.. Sincerely, Dmitry Dnipropetrovsk State University, E-mail: dmitry@digital.dp.ua Physical Faculty, WWW: http://ff.dsu.dp.ua Department of Experimental Physics Dnipropetrovsk, Ukraine FTP: ftp://digital.dp.ua/DEC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message