Networking Forums

tcpwrapper has problem

 
 
John

 
      09-24-2007, 03:56 AM
Dear all,

Under Redhat 9, I want to let 192.168.0.0/24 enter the server through
sshd, and both the hosts.allow and hosts.deny files are set as follows.

hosts.allow
sshd: 192.168.0.0/24

host.deny
sshd:ALL

However, all computers, even those with IP 192.168.0.0/24, cannot enter the
server. Why?


Also, as we know, the root account is not allowed to enter the server by
default.
For sshd, if the root account other than the server are not allowed to the
server, how can we do?

Please give me a helping hand, many thanks.

Regards,
John


 
Dave Uhring

 
      09-24-2007, 05:03 AM
On Mon, 24 Sep 2007 11:56:11 +0800, John wrote:

> hosts.allow
> sshd: 192.168.0.0/24


sshd:192.168.
 
Bill Marcum

 
      09-24-2007, 03:04 PM
On Mon, 24 Sep 2007 11:56:11 +0800, John
<(E-Mail Removed)> wrote:
>
>
>
> Also, as we know, the root account is not allowed to enter the server by
> default.
> For sshd, if the root account other than the server are not allowed to the
> server, how can we do?
>

You can allow them to ssh in as regular users, and use sudo when they need
root access. Or you can set PermitRootLogin in /etc/ssh/sshd_config. If you
do, I would recommend that you use a port other than 22 and don't allow
passwords.


--
Research is to see what everybody else has seen, and think what nobody
else has thought.
 
Moe Trin

 
      09-25-2007, 02:56 AM
On Mon, 24 Sep 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <fd7cgr$qcp$(E-Mail Removed)>, John wrote:

>Under Redhat 9


Red Hat 9 was obsolete at the end of April 2004, and even the very
limited back-port support at fedoralegacy.org ended over 14 months
ago. Find a current (supported) distribution.

>I want to let 192.168.0.0/24 enter the server through
>sshd, and both the hosts.allow and hosts.deny files are set as follows.
>
>hosts.allow
>sshd: 192.168.0.0/24


man 5 hosts_access Your syntax is wrong.

>host.deny
>sshd:ALL


man 5 hosts_access Your syntax is wrong.

>However, all computers, even those with IP 192.168.0.0/24, cannot enter the
>server. Why?


hosts.allow
sshd: 192.168.0.

host.deny
ALL: ALL

>Also, as we know, the root account is not allowed to enter the
>server by default.
>For sshd, if the root account other than the server are not allowed to
>the server, how can we do?


[compton ~]$ whatis su
su (1) - run a shell with substitute user and group IDs
[compton ~]$

Old guy
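
The pattern matching this answer relies on, modelled as an added example (not code from the thread or from tcp_wrappers itself). It assumes the classic hosts_access(5) client forms only (ALL, a prefix ending in ".", a literal address, and net/mask with a dotted-quad mask), IPv4 clients, and no EXCEPT or hostname patterns; the function names and client addresses are constructed for illustration.

```python
import ipaddress

def _dot_quad(text):
    """Return the address as an int only for a full n.n.n.n string, else None."""
    if text.count(".") != 3:
        return None
    try:
        return int(ipaddress.IPv4Address(text))
    except ValueError:
        return None

def client_matches(pattern, addr):
    """Match one hosts_access client pattern against an IPv4 address string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):              # prefix form, e.g. "192.168.0."
        return addr.startswith(pattern)
    if "/" in pattern:                     # net/mask form: n.n.n.n/m.m.m.m
        net_s, mask_s = pattern.split("/", 1)
        net, mask, ip = _dot_quad(net_s), _dot_quad(mask_s), _dot_quad(addr)
        if None in (net, mask, ip):        # "/24" is not a dotted-quad mask
            return False
        return (ip & mask) == net
    return pattern == addr                 # literal address

def rule_matches(line, daemon, addr):
    """True if a 'daemon_list : client_list' line covers daemon and addr."""
    line = line.strip()
    if not line or line.startswith("#") or ":" not in line:
        return False
    daemons, clients = (f.replace(",", " ").split() for f in line.split(":", 2)[:2])
    daemon_ok = any(d in ("ALL", daemon) for d in daemons)
    return daemon_ok and any(client_matches(c, addr) for c in clients)

def access(allow_text, deny_text, daemon, addr):
    """Consult hosts.allow first, then hosts.deny; no match at all grants access."""
    if any(rule_matches(l, daemon, addr) for l in allow_text.splitlines()):
        return "granted by hosts.allow"
    if any(rule_matches(l, daemon, addr) for l in deny_text.splitlines()):
        return "denied by hosts.deny"
    return "granted (no rule matched)"

if __name__ == "__main__":
    client = "192.168.0.10"                # constructed sample client address
    print(access("sshd: 192.168.0.0/24", "sshd:ALL", "sshd", client))
    print(access("sshd: 192.168.0.", "ALL: ALL", "sshd", client))
    print(access("sshd:192.168.", "ALL: ALL", "sshd", "192.168.5.9"))
```

The third call shows that the shorter prefix "192.168." admits every 192.168.x.x client, which is wider than the /24 the original poster asked for.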

 
Jerry McBride

 
      10-01-2007, 01:39 AM
Moe Trin wrote:

> On Mon, 24 Sep 2007, in the Usenet newsgroup comp.os.linux.networking, in
> article <fd7cgr$qcp$(E-Mail Removed)>, John wrote:
>
>>Under Redhat 9

>
> Red Hat 9 was obsolete at the end of April 2004, and even the very
> limited back-port support at fedoralegacy.org ended over 14 months
> ago. Find a current (supported) distribution.
>
>>I want to let 192.168.0.0/24 enter the server through
>>sshd, and both the hosts.allow and hosts.deny files are set as follows.
>>
>>hosts.allow
>>sshd: 192.168.0.0/24

>
> man 5 hosts_access Your syntax is wrong.
>
>>host.deny
>>sshd:ALL

>
> man 5 hosts_access Your syntax is wrong.
>
>>However, all computers, even those with IP 192.168.0.0/24, cannot enter the
>>server. Why?

>
> hosts.allow
> sshd: 192.168.0.
>
> host.deny
> ALL: ALL
>
>>Also, as we know, the root account is not allowed to enter the
>>server by default.
>>For sshd, if the root account other than the server are not allowed to
>>the server, how can we do?

>
> [compton ~]$ whatis su
> su (1) - run a shell with substitute user and group IDs
> [compton ~]$
>
> Old guy


One way to check your host.allow and host.deny files is to use tcpdchk. Also
tcpdmatch for a line by line accounting....

--


Jerry McBride
 
Moe Trin

 
      10-01-2007, 08:01 PM
On Sun, 30 Sep 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <(E-Mail Removed)>, Jerry McBride wrote:

>Moe Trin wrote:


>> John wrote:


>>>Under Redhat 9


>> man 5 hosts_access Your syntax is wrong.


>One way to check your host.allow and host.deny files is to use tcpdchk.
>Also tcpdmatch for a line by line accounting....


When did they modify xinetd to work with those programs? Both look at
the /etc/inetd.conf file, rather than the files in /etc/xinetd.d/, or
standalone applications compiled with libwrap. The tcp_wrappers source
was last modified in February 1997, over three years before Red Hat
introduced xinetd in Red Hat 7.0 (September 2000). Last time I looked at
the binary rpm that came with Red Hat > 7.0, it didn't even have those
two programs.

Old guy
 
Jerry McBride

 
      10-02-2007, 01:56 AM
Moe Trin wrote:

> On Sun, 30 Sep 2007, in the Usenet newsgroup comp.os.linux.networking, in
> article <(E-Mail Removed)>, Jerry McBride wrote:
>
>>Moe Trin wrote:

>
>>> John wrote:

>
>>>>Under Redhat 9

>
>>> man 5 hosts_access Your syntax is wrong.

>
>>One way to check your host.allow and host.deny files is to use tcpdchk.
>>Also tcpdmatch for a line by line accounting....

>
> When did they modify xinetd to work with those programs? Both look at
> the /etc/inetd.conf file, rather than the files in /etc/xinetd.d/, or
> standalone applications compiled with libwrap. The tcp_wrappers source
> was last modified in February 1997, over three years before Red Hat
> introduced xinetd in Red Hat 7.0 (September 2000). Last time I looked at
> the binary rpm that came with Red Hat > 7.0, it didn't even have those
> two programs.
>
> Old guy


Not by default... you have to "-i /etc/xinetd.conf"...


--


Jerry McBride
 
Unruh

 
      10-04-2007, 05:42 AM
Jerry McBride <(E-Mail Removed)> writes:

>Moe Trin wrote:


>> On Sun, 30 Sep 2007, in the Usenet newsgroup comp.os.linux.networking, in
>> article <(E-Mail Removed)>, Jerry McBride wrote:
>>
>>>Moe Trin wrote:

>>
>>>> John wrote:

>>
>>>>>Under Redhat 9

>>
>>>> man 5 hosts_access Your syntax is wrong.

>>
>>>One way to check your host.allow and host.deny files is to use tcpdchk.
>>>Also tcpdmatch for a line by line accounting....

>>
>> When did they modify xinetd to work with those programs? Both look at
>> the /etc/inetd.conf file, rather than the files in /etc/xinetd.d/, or
>> standalone applications compiled with libwrap. The tcp_wrappers source
>> was last modified in February 1997, over three years before Red Hat
>> introduced xinetd in Red Hat 7.0 (September 2000). Last time I looked at
>> the binary rpm that came with Red Hat > 7.0, it didn't even have those
>> two programs.
>>
>> Old guy


>Not by default... you have to "-i /etc/xinetd.conf"...


Well, no, that does not do much since /etc/xinetd.conf does not have much in
it.



>--



>Jerry McBride

 