In the spirit of the recent discussion about securing SSH, I've taken
the time to start using tcpwrappers (via the hosts.allow, hosts.deny)
with ssh. I've set it up to only allow certain IPs to connect.
Unfortunately, I can't demand that all hosts use key auth, as at least
one is incapable. So, I've locked down the list, and hope that will
be that.

2 questions: First, I'd like to know about it when a host *not* in my
allow list attempts to connect to ssh. I've seen some things online
about using the "spawn" command, but my attempts to use it did not work.

Secondly, I realize that tcpwrappers affect more than just sshd - I
immediately noticed, for example, that when I added this rule: ALL:
ALL to hosts.deny, that I could no longer connect to mysql on the same
server. Adding mysqld to the list of permitted hosts did the trick
(i.e.: sshd,mysqld: comma,separated,list,of,hosts) in hosts.allow.
Great, so now I can let stuff hit ssh and mysql that needs to. Here's
my second question: How can I figure out what other services may have
been borked due to my change to tcpwrappers? I know I can use ldd to
check things one at a time:

    # ldd /usr/sbin/sshd | grep libwrap
    libwrap.so.0 => /lib/libwrap.so.0 (0x00002b30d3744000)
    # ldd /usr/sbin/apache2 | grep libwrap
    #

So, ssh is using tcpwrappers, and apache is not. What I want to know
is if there is a way to just get a list of everything that is using
tcpwrappers without checking everything one at a time.

Thanks!
- Kimball
http://www.kimballlarsen.com
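
Added example, not part of the original post: the one-at-a-time ldd check above, generalized into a scan of whole directories plus a check of running processes. The function names, the LDD override and the script name in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): find what is linked against
# libwrap without running ldd by hand on each binary.
# LDD is a hypothetical override for the resolver command; default is ldd.
# Some ldd versions may execute the file they inspect, so point this only
# at trusted system directories.
LDD="${LDD:-ldd}"

# Print each executable regular file under the given directories whose
# dynamic dependencies include libwrap.
libwrap_users() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -perm -100 2>/dev/null | sort |
        while IFS= read -r bin; do
            if "$LDD" "$bin" 2>/dev/null | grep -q 'libwrap\.so'; then
                printf '%s\n' "$bin"
            fi
        done
    done
}

# Print the PID of each running process that has libwrap mapped.
# Takes the proc root as an optional argument (default /proc); reading
# other users' maps files needs root.
libwrap_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -q 'libwrap\.so' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            printf '%s\n' "${pid##*/}"
        fi
    done
}

# Usage: sh libwrap-scan.sh /usr/sbin /usr/bin /usr/local/sbin
if [ "$#" -gt 0 ]; then
    echo "Binaries linked against libwrap:"
    libwrap_users "$@"
    echo "Running PIDs with libwrap mapped:"
    libwrap_procs
fi
```

Services started from inetd through tcpd, or built with libwrap linked statically, do not show up in either list, yet hosts.allow and hosts.deny apply to them as well.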