Package: ssh
Version: 1:3.8.1p1-8.sarge.4
Followup-For: Bug #283703

hi

I was bitten by this bug. Here is what I found.

I have a very strict /etc/hosts.deny, and an /etc/hosts.allow
with many lines such as follows:
sshd : 192.167.206.

After an upgrade to sarge, sshd stopped working.

Here are a few tests I did (using 192.167.206.156 as the client)

--------------------- first test (server side)
# sshd -ddd
debug2: read_server_config: filename /etc/ssh/sshd_config
debug1: sshd version OpenSSH_3.8.1p1 Debian-8.sarge.4
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
debug1: Connection refused by tcp wrapper
---------------------

then I tried to add
sshd : ALL
to /etc/hosts.allow and it was working fine, as follows

-----------------------
# sshd -ddd
debug2: read_server_config: filename /etc/ssh/sshd_config
debug1: sshd version OpenSSH_3.8.1p1 Debian-8.sarge.4
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from ::ffff:192.167.206.156 port 51892
debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.8.1p1 Debian-8.sarge.4
.......all goes fine..........
-----------------------------------

then I tried with the line
sshd : 192.167.206.156
and again it was OK; the line
sshd : 192.167.206.
was always constantly a NO-GO

-----------------------------
then I upgraded libwrap, as follows

# apt-get install libwrap0
The following packages will be upgraded:
  libwrap0
Preparing to replace libwrap0 7.6-9 (using .../libwrap0_7.6.dbs-8_i386.deb) ...
Unpacking replacement libwrap0 ...
Setting up libwrap0 (7.6.dbs-8) ...
-----------------------

now the line
sshd : 192.167.206.
works fine

-----------------------

a.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages ssh depends on:
ii  adduser         3.63          Add and remove users and groups
ii  debconf         1.4.30.11     Debian configuration management sy
ii  dpkg            1.10.27       Package maintenance system for Deb
ii  libc6           2.3.2.ds1-20  GNU C Library: Shared libraries an
ii  libpam-modules  0.72-35       Pluggable Authentication Modules f
ii  libpam-runtime  0.76-22       Runtime support for the PAM librar
ii  libpam0g        0.76-22       Pluggable Authentication Modules l
ii  libssl0.9.7     0.9.7c-5      SSL shared libraries
ii  libwrap0        7.6.dbs-8     Wietse Venema's TCP wrappers libra
ii  zlib1g          1:1.2.2-3     compression library - runtime

-- debconf information:
  ssh/insecure_rshd:
  ssh/privsep_ask: true
* ssh/user_environment_tell:
* ssh/forward_warning:
  ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/SUID_client: false
  ssh/disable_cr_auth: false
* ssh/privsep_tell:
  ssh/ssh2_keys_merged:
* ssh/protocol2_only: true
  ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true

--
Andrea Mennucc
 "Ukn ow,Ifina llyfixe dmysp acebar.ohwh atthef"
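Expected results for the hosts.allow entries tried in the message above, as an added example (not part of the original message and not libwrap's code). It assumes the hosts_access(5) meaning of `ALL`, an exact address and a trailing-dot prefix, ignores the rest of that syntax, and treats the `::ffff:` form shown in the sshd log as its IPv4 address; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample rule, in the form quoted in the report.
SAMPLE_RULES = "sshd : 192.167.206.\n"

def normalize(addr):
    """Return addr as text, unwrapping an IPv4-mapped IPv6 address."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)  # only IPv6Address has it
    return str(mapped if mapped is not None else ip)

def client_matches(pattern, addr):
    """Subset of hosts_access(5): ALL, trailing-dot prefix, exact address."""
    host = normalize(addr)
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        # "A.B.C." matches any address whose first numeric fields are A.B.C
        return host.startswith(pattern)
    return host == pattern

def allowed(rules_text, daemon, addr):
    """True if a 'daemon_list : client_list' line grants daemon to addr."""
    for raw in rules_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, _, rest = line.partition(":")
        clients = rest.split(":", 1)[0]  # ignore any trailing ": option"
        daemon_list = re.split(r"[\s,]+", daemons.strip())
        if daemon not in daemon_list and "ALL" not in daemon_list:
            continue
        patterns = [p for p in re.split(r"[\s,]+", clients.strip()) if p]
        if any(client_matches(p, addr) for p in patterns):
            return True
    return False

if __name__ == "__main__":
    client = "::ffff:192.167.206.156"  # address form shown in the sshd log
    for rule in ("sshd : ALL", "sshd : 192.167.206.156", SAMPLE_RULES):
        verdict = "allow" if allowed(rule, "sshd", client) else "deny"
        print(f"{rule.strip():26} -> {verdict}")
```

All three entries should allow the client; a deny on the prefix entry alone is the symptom reported with libwrap0 7.6-9.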

