To enable usage of TCP wrappers with SSH Tectia Server, perform the following operations:
If SSH Tectia Server was previously installed from binaries, you may want to uninstall it before continuing.
Compile the source code:
$ ./configure --with-libwrap
$ make
Then, run the following with root privileges:
# make install
Note: If configure does not find libwrap.a, do the following:
Locate libwrap.a
Run configure again:
$ make distclean
$ ./configure --with-libwrap=/path_to_libwrap.a/
Note: It is only necessary to specify the path to libwrap.a if the library and the include files are located in a non-standard directory, i.e. if the library has been compiled to a local directory, or has been installed somewhere other than the default location.
Create or edit the /etc/hosts.allow and /etc/hosts.deny files. When a user tries to connect to the SSH Tectia Server, the TCP wrapper daemon (tcpd) reads the /etc/hosts.allow file for a rule that matches the client's hostname or IP address. If /etc/hosts.allow does not contain a rule allowing access, tcpd reads /etc/hosts.deny for a rule that would deny access. If neither file contains a matching allow or deny rule, access is granted by default. The syntax for the /etc/hosts.allow and /etc/hosts.deny files is as follows:
daemon : client_hostname_or_IP
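The lookup order described above, as an added example (not part of the SSH Tectia documentation or code): a simplified Python model of the hosts.allow / hosts.deny decision. It goes beyond the daemon : client form shown here by also accepting the domain-suffix, address-prefix and net/mask client patterns from hosts_access(5). The file contents, host names and addresses are constructed, and IPv6 and the wrapper's other wildcards are not modelled.

```python
import ipaddress

# Constructed sample files (documentation address ranges, not from the product).
HOSTS_ALLOW = """\
sshd2: 192.0.2.10, .corp.example.com
sshd2: 198.51.100.0/255.255.255.0
"""
HOSTS_DENY = "ALL: ALL\n"

def client_matches(pattern, host, ip):
    """Match one client pattern against the client's hostname and IPv4 address."""
    if pattern == "ALL":
        return True
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("."):        # domain suffix, e.g. .corp.example.com
        return host.endswith(pattern)
    if pattern.endswith("."):          # address prefix, e.g. 192.0.2.
        return ip.startswith(pattern)
    if "/" in pattern:                 # net/mask, e.g. 198.51.100.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern in (host, ip)       # exact hostname or address

def rule_matches(text, daemon, host, ip):
    """True if any 'daemon : client' line in text matches this connection."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments and blanks
        if ":" not in line:
            continue
        daemons, clients = (part.replace(",", " ").split()
                            for part in line.split(":")[:2])
        if (daemon in daemons or "ALL" in daemons) and any(
                client_matches(p, host, ip) for p in clients):
            return True
    return False

def access_granted(allow_text, deny_text, daemon, host, ip):
    """Apply the order from the text: hosts.allow, then hosts.deny, else grant."""
    if rule_matches(allow_text, daemon, host, ip):
        return True
    if rule_matches(deny_text, daemon, host, ip):
        return False
    return True                        # no rule in either file: granted by default

if __name__ == "__main__":
    for host, ip in [("admin.corp.example.com", "203.0.113.5"), ("", "203.0.113.9")]:
        print(ip, access_granted(HOSTS_ALLOW, HOSTS_DENY, "sshd2", host, ip))
```

Passing an empty string as deny_text grants the unlisted client 203.0.113.9 access, which is the default-allow case the paragraph describes and the reason for the deny-all rule.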
The typical setup is to deny access to everyone in the /etc/hosts.deny file. (This example shows both ssh1 and ssh2.)
sshd1: ALL
sshd2: ALL
sshdfwd-X11 : ALL
or simply
ALL: ALL
And then allow access only to trusted clients in the /etc/hosts.allow file: