Oops... one thing I forgot to mention.

ssh looks for the default path of libwrap to be in the /usr/lib/
directory. I do not think that a Solaris 2.6/2.7 box has tcp wrappers
installed by default (I could be wrong, been known to happen before) and
may not install the libwrap.a into the directory that the ./configure
script is looking for. 

At first I was going to recommend that you check to make sure that
libwrap.a is indeed installed, but since you say that it blocks them via
telnet properly, then that would assume that it is.. just might want to
take a look at the directory that it's installed into. 

If all else fails... add ACLs to the router/switch. :)

-BP/e 


---------- Forwarded message ----------
Date: Wed, 13 Jun 2001 09:15:55 -0700 (MST)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: Testing TCP Wrappers



Well, you don't have libwrap compiled in to your SSHD. 

./configure --with-libwrap=/usr/lib/libwrap.a ; make && make install

Then it will work with your wrappers.

-BP/e





Thanks for your suggestions, although I am still stuck; let me go into
some more detail of my configuration:

I am running sshd2 on a system called 'server'. I am trying to disable ssh 
connections from a system called 'client'. (Both are running Solaris 7.)

A sample session:

-----

server# grep client /etc/hosts.allow
server# grep ssh /etc/hosts.allow
server# grep client /etc/hosts.deny
ALL:client
server# grep ssh /etc/hosts.deny
sshd:ALL
sshd2:ALL
server# grep telnet /etc/inetd.conf
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
server# strings /usr/local/sbin/sshd2 | grep '\/etc\/hosts'
/etc/hosts.equiv
Accepted for %.100s [%.100s] by /etc/hosts.equiv.
server# ldd /usr/local/sbin/sshd2
           libpam.so.1 =>   /usr/lib/libpam.so.1
           libdl.so.1 =>    /usr/lib/libdl.so.1
           libcurses.so.1 =>        /usr/lib/libcurses.so.1
           libsocket.so.1 =>        /usr/lib/libsocket.so.1
           libnsl.so.1 =>   /usr/lib/libnsl.so.1
           libsec.so.1 =>   /usr/lib/libsec.so.1
           libm.so.1 =>     /usr/lib/libm.so.1
           libc.so.1 =>     /usr/lib/libc.so.1
           libmp.so.2 =>    /usr/lib/libmp.so.2
           /usr/platform/SUNW,Ultra-1/lib/libc_psr.so.1
server#

-----

client$ telnet server
Trying 123.123.123.123...
Connected to server.
Escape character is '^]'.
Connection closed by foreign host.
client$ ssh2 server
grpoobah's password: [******]
Authentication successful.
[...]

-----

server# tail -1 /var/log/syslog
Jun 13 11:45:00 server in.telnetd[3047]: refused connect from client
server#

-----

Also, I should note that ssh-2.4.0 was built from source on client and
converted to a Solaris package for installing on server. (I doubt this
matters as it works all too well.)

Scott: I couldn't find any mention of a syslog service name in
/etc/ssh2/ssh2_config

-----

Thank you for your help,
Jared
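
The strings/ldd check from the session above, wrapped as a reusable script. This is an added example, not part of the original thread; the function name wrap_support is hypothetical, and the static test assumes libwrap was built with its default table paths (/etc/hosts.allow and /etc/hosts.deny).

```shell
#!/bin/sh
# Added example: report whether a daemon binary was built against TCP Wrappers.
# Prints one of: dynamic, static, none, unreadable.
# Exit status: 0 = wrappers present, 1 = absent, 2 = cannot read the file.

wrap_support() {
    bin=$1
    if [ ! -r "$bin" ]; then
        echo unreadable
        return 2
    fi

    # Dynamic link: libwrap appears in the shared-library list.
    # Only run ldd on binaries you trust; some implementations
    # execute the target to resolve its libraries.
    if ldd "$bin" 2>/dev/null | grep 'libwrap' >/dev/null; then
        echo dynamic
        return 0
    fi

    # Static link (libwrap.a): the access-table paths are compiled in.
    # Assumption: default paths, i.e. /etc/hosts.allow and /etc/hosts.deny.
    # A binary showing only /etc/hosts.equiv (as in the session above)
    # does not consult the wrapper tables at all.
    if LC_ALL=C grep -E '/etc/hosts\.(allow|deny)' "$bin" >/dev/null 2>&1; then
        echo static
        return 0
    fi

    echo none
    return 1
}

# Stand-alone use: sh wrapcheck.sh /usr/local/sbin/sshd2
if [ "$#" -gt 0 ]; then
    wrap_support "$1"
fi
```

A result of "none" for a stand-alone daemon means entries in hosts.deny cannot affect it, whatever they say; rebuild with libwrap or filter at the network layer.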


