Date:      Sun, 23 Jul 2000 15:26:37 -0700 (PDT)
From:      Mike Hoskins <mike@adept.org>
To:        Dmitry Pryanishnikov <dmitry@digital.dp.ua>
Cc:        Paul Boehmer <pboehmer@seidata.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: ssh2 bypasses host.allow in /etc/login.conf?
Message-ID:  <Pine.BSF.4.21.0007231523050.21380-100000@snafu.adept.org>
In-Reply-To: <Pine.BSF.4.21.0007231730360.13036-100000@ff.dsu.dp.ua>

On Sun, 23 Jul 2000, Dmitry Pryanishnikov wrote:

>  Maybe I've missed something, but I mean NOT a file host.allow, but the
> BSD-native login class restrictions written in /etc/login.conf, which
> are checked with auth_hostok() (or login_getclass()/login_getcapstr() as
> in sshd.c from ssh1). Of course, make WITH_TCPWRAP=yes doesn't help!

So...  are these methods also in ssh2's .c file?  Just curious...  As Paul
mentioned, not all version 1 features were carried over to version
2.  Maybe this is just a case of getting bitten by this fact.  Have you
tried OpenSSH?  A much better solution, IMCO.

I can do some tests with OpenSSH if you want (rushing out the door
ATM).  I usually always use /etc/hosts.allow to control access anyhow,
because a CGI (allowing me to add hosts to hosts.allow from an SSL
webpage) I wrote points to it and I'm too lazy to change it.  ;)

-mrh


