Your browser does not allow storing cookies. We recommend enabling them.
SSH.COM uses cookies to give you the best experience and most relevant marketing. More info
DECLINE Warning: Some functionality on this site will not work without cookies and our advertising will be less relevant!GOT IT!

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server >>
    Getting Started >>
    Configuration >>
    Authentication >>
    Application Tunneling >>
    Troubleshooting >>
    Man Pages
    Advanced Options >>
        Installing SSH Tectia Server from the Source Code >>
        Configuring TCP Wrappers
            Troubleshooting TCP Wrappers
    Log Messages >>

Configuring TCP Wrappers

To enable usage of TCP wrappers with SSH Tectia Server, perform the following operations:

  1. If SSH Tectia Server was previously installed from binaries, you may want to uninstall it before continuing.
  2. Compile the source code: 
    $ ./configure --with-libwrap 
$ make
    Then, run the following with root privileges: 
    # make install
    Note: If configure does not find libwrap.a, do the following:
    • Locate libwrap.a
    • Run configure again: 
      $ make distclean
$ ./configure --with-libwrap=/path_to_libwrap.a/
      Note: It is only necessary to specify the path to libwrap.a if the library and the include files are located in a non-standard directory, i.e. if the library has been compiled to a local directory, or has been installed somewhere else than the default location.
  3. Create or edit the /etc/hosts.allow and /etc/hosts.deny files. When a user tries to connect to the SSH Tectia Server, the TCP wrapper daemon (tcpd) reads the /etc/hosts.allow file for a rule that matches the client's hostname or IP. If /etc/hosts.allow does not contain a rule allowing access, tcpd reads /etc/hosts.deny for a rule that would deny access. If neither of the files contains an accept or deny rule, access is granted by default. The syntax for the /etc/hosts.allow and /etc/hosts.deny files is as follows: 
    daemon : client_hostname_or_IP
    The typical setup is to deny access to everyone listed in the /etc/hosts.deny file. (This example shows both ssh1 and ssh2.) 
    sshd1: ALL 
sshd2: ALL 
sshdfwd-X11 : ALL
    or simply 
    ALL: ALL
    And then allow access only to trusted clients in the /etc/hosts.allow file: 
    sshd1 : trusted_client_IP_or_hostname
sshd2 : .ssh.com foo.bar.fi
sshdfwd-X11 : .ssh.com foo.bar.fi
    Based on the /etc/hosts.allow file above, users coming from any host in the ssh.com domain or from the host foo.bar.fi are allowed access.

Troubleshooting TCP Wrappers

PreviousNextUp[Contents] [Index]

[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2010 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice


 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now

  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now