From owner-freebsd-questions@FreeBSD.ORG  Thu Sep 28 16:22:32 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1CD6F16A40F
	for <freebsd-questions@freebsd.org>;
	Thu, 28 Sep 2006 16:22:32 +0000 (UTC)
	(envelope-from robin@reportlab.com)
Received: from relay00.pair.com (relay00.pair.com [209.68.5.9])
	by mx1.FreeBSD.org (Postfix) with SMTP id 3DE5C43D5D
	for <freebsd-questions@freebsd.org>;
	Thu, 28 Sep 2006 16:22:30 +0000 (GMT)
	(envelope-from robin@reportlab.com)
Received: (qmail 50933 invoked from network); 28 Sep 2006 16:22:30 -0000
Received: from unknown (HELO ?192.168.0.3?) (unknown)
	by unknown with SMTP; 28 Sep 2006 16:22:30 -0000
X-pair-Authenticated: 217.196.247.135
Message-ID: <451BF6D3.7000901@chamonix.reportlab.co.uk>
Date: Thu, 28 Sep 2006 17:22:43 +0100
From: Robin Becker <robin@reportlab.com>
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: denyhosts problems
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Sep 2006 16:22:32 -0000

I'm trying to get denyhosts-2.5 to work in 6.0 and have inserted a line in 
hosts.allow


ALL: xxx.myoffice.com : allow
sshd: /etc/hosts.deniedssh : deny
ALL: ALL : allow

but am finding that this causes my home ip to be denied even though I log in 
with a pre-shared key.

The /etc/hosts.deniedssh file is being created, but my home ip is not present 
(it would be hard as I have a dynamically allocated one anyhow).

The hosts.deniedssh file contains entries like

.......
ALL: 61.219.xx.250 : deny
ALL: 209.8.xx.242 : deny
.......

I am getting an error in the auth log related to the denial that looks like this
/etc/hosts.allow, line 24: can't verify hostname: getaddrinfo(xxx-yyy-......, 
AF_INET)

where /etc/hosts.allow line24 corresponds to the

sshd: /etc/hosts.deniedssh : deny

line in hosts.allow.

I have the same setup in 6.1 and it seems to work. But I still see messages 
related to line 24 from that setup. Does denyhosts work properly?
-- 
Robin Becker