Hi Chris,
Anne Carasik has written a great book named "UNIX Secure Shell"
McGraw-Hill ISBN 0-07-134933-2. The US edition comes with a CD also. I
strongly recommend this book to anybody trying to work out problems with
ssh.
I have to admit that I don't understand what is going on here, did you
run a client or did the 2nd daemon [136240] spawn on its own? What does
your /etc/hosts.allow file look like?
I usually don't like sending myself email every time a system denys an
entry or else I'd be getting an awful lot of junk mail. I usually put a
line like this:
spawn (DATE=`date`; /bin/echo $DATE %d %u %c >>/var/log/wrapper.deny.log)
at the end of the deny/allow file. I then check them about twice a week
for anomalies.
Carl
On 09-Nov-99 Christopher Dingle wrote:
>
> Hi Carl,
>
> Ok, I will try this. However, I had a bit of a problem. It seems I made
> progress:
>
> Nov 9 16:48:21 4E:kodos sshd[136305]: Starting daemon in inetd mode.
> Nov 9 16:48:21 4E:kodos sshd[136305]: failed to fetch remote ip
> address.
> Nov 9 16:48:21 6E:kodos sshd[136305]: connection from "UNKNOWN"
> Nov 9 16:48:21 3E:kodos sshd[136240]: warning: can't get client
> address: Socket operation on non-socket
> Nov 9 16:48:21 4E:kodos sshd[136240]: DNS lookup failed for "UNKNOWN".
> Nov 9 16:48:21 4E:kodos sshd[136240]: Daemon is running.
> Nov 9 16:48:21 6E:kodos sshd[136240]: Remote host disconnected:
> Connection closed by remote host.
> Nov 9 16:48:21 6E:kodos sshd[136240]: connection lost: 'Connection
> closed by remote host.'
> Nov 9 16:48:21 4E:kodos sshd[136305]: Daemon is running.
>
> But what's this? For some reason it won't allow any connections and
> things
> they're coming from nowhere. When I run ssh as a static daemonthere's
> no
> problem. I'm confused.
>
> The reason I wanted to try this from inetd is so I could get the
> desired
> response from the tcp wrappers for /etc/hosts.deny:
>
> ALL: ALL: spawn (echo "%s - connection attempt from %a"|
> /usr/sbin/mailx [EMAIL PROTECTED])
>
> When I run ssh as a static daemon I get mail saying "connection attempt
> from
> 0.0.0.0." I assumed this was because ssh performed it's own host
> lookups and
> matched them against the /etc/hosts.deny and /etc/hosts.allow. I wanted
> to try
> running it from inetd to see if I could get the spawn to work properly
> and
> give the desired output. I get the right output for all of the other
> services,
> except ssh.
>
> Thanks,
> Chris
------------------------------------------------------------------------
E-Mail: Carl J. Nobile <[EMAIL PROTECTED]>
Date: 10-Nov-99 Phone: 315-453-2912 Ex. 5336
Time: 08:12:00 Fax: 315-453-3052
Software Engineering Group
This message was sent by XFMail AppliedTheory Corp.
------------------------------------------------------------------------
