Configuring TCP Wrappers
To enable usage of TCP wrappers with SSH Tectia Server, perform the following operations:
- If SSH Tectia Server was previously installed from binaries, you may want to uninstall it before continuing.
- Compile the source code:
$ ./configure --with-libwrap
Then, run the following with root privileges:
# make install
configure does not find
, do the following:
- Create or edit the
/etc/ files. When a user tries to connect to the SSH Tectia Server, the TCP wrapper daemon (
) reads the
/etc/hosts.allow file for a rule that matches the client's hostname or IP. If
/etc/hosts.allow does not contain a rule allowing access,
/etc/hosts.deny for a rule that would deny access. If neither of the files contains an accept or deny rule, access is granted by default. The syntax for the
/etc/hosts.deny files is as follows:
daemon : client_hostname_or_IP
The typical setup is to deny access to everyone listed in the
/etc/hosts.deny file. (This example shows both
sshdfwd-X11 : ALL
And then allow access only to trusted clients in the
sshd1 : trusted_client_IP_or_hostname
sshd2 : .ssh.com foo.bar.fi
sshdfwd-X11 : .ssh.com foo.bar.fi
Based on the
/etc/hosts.allow file above, users coming from any host in the
ssh.com domain or from the host
foo.bar.fi are allowed access.
[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]
Copyright © 2010 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.