From owner-freebsd-security  Sun Jul 23  8:28: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ff.dsu.dp.ua (ff.dsu.dp.ua [194.44.184.254])
	by hub.freebsd.org (Postfix) with ESMTP id 705F437B925
	for <freebsd-security@FreeBSD.ORG>; Sun, 23 Jul 2000 08:27:51 -0700 (PDT)
	(envelope-from dmitry@digital.dp.ua)
Received: from localhost (dmitry@localhost)
	by ff.dsu.dp.ua (8.9.3/8.9.3) with ESMTP id SAA30791;
	Sun, 23 Jul 2000 18:28:08 +0300 (EEST)
	(envelope-from dmitry@digital.dp.ua)
Date: Sun, 23 Jul 2000 18:28:06 +0300 (EEST)
From: Dmitry Pryanishnikov <dmitry@digital.dp.ua>
X-Sender: dmitry@ff.dsu.dp.ua
To: Paul Boehmer <pboehmer@seidata.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ssh2 bypasses host.allow in /etc/login.conf?
In-Reply-To: <Pine.BSF.4.10.10007230929380.3565-100000@shell.seidata.com>
Message-ID: <Pine.BSF.4.21.0007231730360.13036-100000@ff.dsu.dp.ua>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



Hello!

On Sun, 23 Jul 2000, Paul Boehmer wrote:
> You need to compile ssh2 with tcpwrapper support in order to user the
> host.allow file, it is cleary stated in the documentation.
  ^^^^^^^^^^^^^^^
 Maybe I've missed something, but I mean NOT a file host.allow, but the
BSD-native login class restrictions written in /etc/login.conf, which
checked with auth_hostok() (or login_getclass()/login_getcapstr() as
in sshd.c from ssh1). Of course, make WITH_TCPWRAP=yes doesn't help!


Sincerely, Dmitry

Dnipropetrovsk State University,        E-mail:  dmitry@digital.dp.ua
Physical Faculty,                       WWW:      http://ff.dsu.dp.ua
Department of Experimental Physics      
Dnipropetrovsk, Ukraine                 FTP:  ftp://digital.dp.ua/DEC





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message