SSH Tectia 

Configuring TCP Wrappers

To enable usage of TCP wrappers with SSH Tectia Server, perform the following operations:

  1. If SSH Tectia Server was previously installed from binaries, you may want to uninstall it before continuing.
  2. Compile the source code:
    $ ./configure --with-libwrap 
    $ make
    
    Then, run the following with root privileges:
    # make install
    
    Note: If configure does not find libwrap.a, do the following:
    • Locate libwrap.a
    • Run configure again:
      $ make distclean
      $ ./configure --with-libwrap=/path_to_libwrap.a/
      
      Note: It is only necessary to specify the path to libwrap.a if the library and the include files are located in a non-standard directory, i.e. if the library has been compiled to a local directory or has been installed somewhere other than the default location.
  3. Create or edit the /etc/hosts.allow and /etc/hosts.deny files.
    
    When a user tries to connect to SSH Tectia Server, the TCP wrapper daemon (tcpd) first reads the /etc/hosts.allow file for a rule that matches the client's hostname or IP address. If /etc/hosts.allow does not contain a rule allowing access, tcpd reads /etc/hosts.deny for a rule that would deny access. If neither file contains a matching accept or deny rule, access is granted by default.
    
    The syntax for the /etc/hosts.allow and /etc/hosts.deny files is as follows:
    daemon : client_hostname_or_IP 
    
    The typical setup is to deny access to everyone in the /etc/hosts.deny file. (This example shows both ssh1 and ssh2.)
    sshd1: ALL 
    sshd2: ALL 
    sshdfwd-X11 : ALL 
    
    or simply
    ALL: ALL 
    
    And then allow access only to trusted clients in the /etc/hosts.allow file:
    sshd1 : trusted_client_IP_or_hostname
    sshd2 : .ssh.com foo.bar.fi
    sshdfwd-X11 : .ssh.com foo.bar.fi
    
    Based on the /etc/hosts.allow file above, users coming from any host in the ssh.com domain or from the host foo.bar.fi are allowed access.
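
The lookup order from step 3, as an added example (not SSH Tectia or tcpd code): a simplified Python model evaluated against the example files above. The function names are hypothetical, a client is a single hostname or IP string, and only ALL, leading-dot domain patterns and exact matches are handled.

```python
# Added example: simplified model of the lookup order described in step 3.
# Supports only ALL, leading-dot domain suffixes and exact names/addresses.

# The example files from this page (hosts.deny uses the "ALL: ALL" form).
HOSTS_ALLOW = """\
sshd1 : trusted_client_IP_or_hostname
sshd2 : .ssh.com foo.bar.fi
sshdfwd-X11 : .ssh.com foo.bar.fi
"""
HOSTS_DENY = "ALL: ALL\n"


def parse(text):
    """Parse 'daemon : client' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, client):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):  # ".ssh.com" matches any host under ssh.com
        return client.lower().endswith(pattern.lower())
    return client.lower() == pattern.lower()


def file_matches(text, daemon, client):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(p, client) for p in clients)
        for daemons, clients in parse(text)
    )


def access_granted(daemon, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    if file_matches(allow, daemon, client):   # 1. hosts.allow is checked first
        return True
    if file_matches(deny, daemon, client):    # 2. then hosts.deny
        return False
    return True                               # 3. no rule in either file: granted
```

With an empty hosts.deny, `access_granted("sshd2", "host.example.net", deny="")` returns True, which is why the deny-all entry in /etc/hosts.deny matters.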

Copyright © 2010 SSH Communications Security Corp.