Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.
By using this site you consent to us using cookies for improving user experience, identifying returning visitors, providing special offers, and marketing to our visitors. See Privacy Policy for details and how to disable cookies.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server >>
    Getting Started >>
    Configuration >>
    Authentication >>
    Application Tunneling >>
    Troubleshooting >>
    Man Pages
    Advanced Options >>
        Installing SSH Tectia Server from the Source Code >>
        Configuring TCP Wrappers
            Troubleshooting TCP Wrappers
    Log Messages >>

Configuring TCP Wrappers

To enable usage of TCP wrappers with SSH Tectia Server, perform the following operations:

  1. If SSH Tectia Server was previously installed from binaries, you may want to uninstall it before continuing.
  2. Compile the source code: 
    $ ./configure --with-libwrap 
$ make
    Then, run the following with root privileges: 
    # make install
    Note: If configure does not find libwrap.a, do the following:
    • Locate libwrap.a
    • Run configure again: 
      $ make distclean
$ ./configure --with-libwrap=/path_to_libwrap.a/
      Note: It is only necessary to specify the path to libwrap.a if the library and the include files are located in a non-standard directory, i.e. if the library has been compiled to a local directory, or has been installed somewhere else than the default location.
  3. Create or edit the /etc/hosts.allow and /etc/hosts.deny files. When a user tries to connect to the SSH Tectia Server, the TCP wrapper daemon (tcpd) reads the /etc/hosts.allow file for a rule that matches the client's hostname or IP. If /etc/hosts.allow does not contain a rule allowing access, tcpd reads /etc/hosts.deny for a rule that would deny access. If neither of the files contains an accept or deny rule, access is granted by default. The syntax for the /etc/hosts.allow and /etc/hosts.deny files is as follows: 
    daemon : client_hostname_or_IP
    The typical setup is to deny access to everyone listed in the /etc/hosts.deny file. (This example shows both ssh1 and ssh2.) 
    sshd1: ALL 
sshd2: ALL 
sshdfwd-X11 : ALL
    or simply 
    ALL: ALL
    And then allow access only to trusted clients in the /etc/hosts.allow file: 
    sshd1 : trusted_client_IP_or_hostname
sshd2 : .ssh.com foo.bar.fi
sshdfwd-X11 : .ssh.com foo.bar.fi
    Based on the /etc/hosts.allow file above, users coming from any host in the ssh.com domain or from the host foo.bar.fi are allowed access.

Troubleshooting TCP Wrappers

PreviousNextUp[Contents] [Index]

[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2010 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice

===AUTO_SCHEMA_MARKUP===