jpp at ...1565...
Tue Nov 6 14:05:04 EST 2001
Consensus seems to be to add sshd to inetd.conf (which I did not do)
The reason I even tried in the first place was that I had read somewhere
that xinetd and SSH did not play well together.
So, all I did was copy the inetd app from the older RH machine to the
newer ones, and added the sshd: lines to the hosts. files and fired up
No additions to the inetd.conf file and just used the SSH right out of
the RPM (though I did rebuild one or 2 when some of the exploits for SSH
were announced - but nothing special aside from MAYBE wrapper support).
I will look into exactly what I added and did not add, but I know I did
not add anything to inetd.conf nor to xinetd.conf (they both work well
together and apart, btw).
Will post what I find out for ya'all.
Skip Carter wrote:
> > Using Xinetd set to use hosts.allow and hosts.deny (in particular), I
> > have found on RedHat 7.x systems that using these files to regulate SSH
> > connections works quite well.
> > Adding to hosts.deny:
> > ALL: ALL
> > Will indeed stop SSH connections as well as everything else that uses
> > these wrappers (least for me it does!)
> > I add:
> > SSHD: Some.IP.Range. or.some.ip.address
> > to hosts.allow and I get access once more.
> > I may be far off base here - but it indeed works in my case. Give it a
> > try. May work for you also. And possibly some kind soul can explain why
> > SSH is regulated this way without being added to any conf file ...
> With the appropriate entry in inetd.conf or /etc/xinetd.d SSH and
> httpd (at least Apache anyway) CAN be tcp_wrappered (regardless of
> the Linux distro). BUT, in both of these cases there is a significant
> program startup overhead involved, so it's really not a very good idea
> for these programs unless these startup delays can be tolerated in
> your network environment.
> Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647
> Taygeta Scientific Inc. INTERNET: skip at ...1552...
> 1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com
> Monterey, CA. 93940
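An added example, not part of the original posts: a simplified Python model of the hosts.allow / hosts.deny lookup order from hosts_access(5), the check a wrapper-enabled daemon performs, run against rules like those quoted above. The addresses are constructed documentation ranges, the function names are hypothetical, and only the ALL wildcard, trailing-dot prefixes and exact IPv4 addresses are modelled.

```python
"""Simplified model of the hosts.allow / hosts.deny decision (hosts_access(5))."""

# Constructed sample rules mirroring the thread (documentation address ranges).
HOSTS_ALLOW = "SSHD: 192.0.2. 198.51.100.7\n"
HOSTS_DENY = "ALL: ALL\n"


def _tokens(field):
    # List items may be separated by blanks or commas; matching is case-insensitive.
    return field.replace(",", " ").lower().split()


def parse_rules(text):
    """Return [(daemons, clients)] parsed from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # an optional third field is ignored
        rules.append((_tokens(daemons), _tokens(clients)))
    return rules


def client_matches(pattern, addr):
    if pattern == "all":
        return True
    if pattern.endswith("."):  # network prefix such as "192.0.2."
        return addr.startswith(pattern)
    return pattern == addr  # exact address


def matches(rules, daemon, addr):
    daemon = daemon.lower()
    for daemons, clients in rules:
        if any(d in ("all", daemon) for d in daemons) and any(
            client_matches(c, addr) for c in clients
        ):
            return True
    return False


def access_allowed(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match in either grants access."""
    if matches(parse_rules(allow), daemon, addr):
        return True
    if matches(parse_rules(deny), daemon, addr):
        return False
    return True
```

With an empty hosts.deny the same lookup grants every client, which is why the `ALL: ALL` deny entry is what turns the hosts.allow lines into an allowlist.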