1. Is sshd wrapped with tcp-wrappers? Assuming the sshd daemon is invoked from inetd, your /etc/hosts.allow should list acceptable addresses from which connections are allowed.
2. Is sshd running on the standard port 22 or another? If running on a non-standard
port, make sure that your ssh client is specifying the target port.
3. Which sshd version is running? There are many problems with sshd2 used in
conjunction with tcp-wrappers. sshd1 runs with fewer difficulties when wrapped. Also, the
ssh1 client has difficulty connecting to an sshd2 server.
4. Make sure that your /etc/services reflects the ssh service on the designated
port! /etc/services and tcp-wrappers work together when invoking the sshd daemon.
Example: sshd1 running on port 700 should have an entry in /etc/services as such:

    ssh1 700/tcp #ssh1
    ssh1 700/udp

While in inetd.conf, the invoking line should read:

    ssh1 stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/sshd1 -i -p 700
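
The checks in steps 1 to 4 can be run mechanically across the three files. The following is an added example, not part of the original post: the function names are made up for illustration, the file contents are constructed from the port-700 example above, and the hosts.allow rule is an assumed one.

```python
import os

# Constructed sample files that mirror the port-700 example on this page.
SERVICES = "ssh1 700/tcp #ssh1\nssh1 700/udp\n"
INETD = "ssh1 stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/sshd1 -i -p 700\n"
HOSTS_ALLOW = "sshd1: 192.0.2.0/255.255.255.0\n"  # assumed rule, documentation range

def _rows(text):
    """Yield whitespace-split fields of each non-empty, non-comment line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields

def parse_services(text):
    """Map (name, proto) -> port, including aliases, from /etc/services text."""
    table = {}
    for f in _rows(text):
        if len(f) >= 2 and "/" in f[1]:
            port, proto = f[1].split("/", 1)
            if port.isdigit():
                for name in [f[0]] + f[2:]:
                    table[(name, proto)] = int(port)
    return table

def check_wrapped_sshd(services, inetd, hosts_allow):
    """Return a list of inconsistencies for sshd entries in inetd.conf."""
    ports, problems = parse_services(services), []
    # Daemon names listed before the first ':' of each hosts.allow rule.
    allowed = {d for f in _rows(hosts_allow) for d in " ".join(f).split(":")[0].replace(",", " ").split()}
    for f in _rows(inetd):
        if len(f) < 7 or not any("sshd" in x for x in f[5:7]):
            continue
        name, proto, server, args = f[0], f[2], f[5], f[6:]
        port = ports.get((name, proto))
        if port is None:
            problems.append(f"{name}/{proto} missing from /etc/services")
        if os.path.basename(server) != "tcpd":
            problems.append(f"{name}: not invoked through tcpd")
        if "-i" not in args:
            problems.append(f"{name}: sshd lacks -i (inetd mode)")
        if "-p" in args[:-1] and port is not None:
            given = args[args.index("-p") + 1]
            if given != str(port):
                problems.append(f"{name}: -p {given} != services port {port}")
        daemon = os.path.basename(args[0])  # tcpd matches rules on the program name
        if not allowed & {daemon, "ALL"}:
            problems.append(f"{daemon}: no hosts.allow rule names this daemon")
    return problems
```

An empty list means the three files agree; on a real host, pass in the contents of /etc/services, /etc/inetd.conf and /etc/hosts.allow.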