This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: tcp_wrappers sshd hosts.allow problem

[Sorry for the delay in responding; I actually replied
contemporaneously, but...I only sent it to myself/Bcc; it never went to
the list]

On 4/2/2010 7:18 AM, Reini Urban wrote:

> >  ALL : localhost [::1]/128 : allow
> > -ALL : PARANOID : deny
> >  sshd: ALL
> > +ALL : PARANOID : deny
> >
> > sshd : ALL behind ALL PARANOID : deny is ignored, It must be before.
> > Symptom:
> >
> > debug1: fd 4 clearing O_NONBLOCK
> > debug1: Server will not fork when running in debugging mode.
> > debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
> > debug1: inetd sockets after dupping: 3, 3
> > debug1: Connection refused by tcp wrapper  The /etc/hosts.allow shipped by -21 does not differ (in this
respect) from the one shipped by -20 for the last year, nor from the one
shipped by -5 since 27 Apr 2008.

The solution to a failure due to PARANOID is not to remove it or
otherwise bypass it -- but to fix your local DNS.  If you can't do that,
THEN you can disable the PARANOID check, but just for your broken lan.
It's not a reason to suggest disabling the PARANOID check for everyone
by default.

Take a look at /var/log/messages, and see what tcpd is reporting there.


Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]