Subject: Re: ssh2 bypasses host.allow in /etc/login.conf?
From: Victor Ivanov (v0rbizicon-bg.net)
Date: Mon Jul 24 2000 - 03:10:08 CDT


|
| On Sun, 23 Jul 2000, Dmitry Pryanishnikov wrote:
|
| > Maybe I've missed something, but I mean NOT a file host.allow, but the
| > BSD-native login class restrictions written in /etc/login.conf, which
| > checked with auth_hostok() (or login_getclass()/login_getcapstr() as
| > in sshd.c from ssh1). Of course, make WITH_TCPWRAP=yes doesn't help!
|
| So... are these methods also in ssh2's .c file? Just curious... As Paul
| mentioned, not all version 1 features were carried over to version
| 2. Maybe this is just a case of getting bitten by this fact. Have you
| tried OpenSSH? A much better solution, IMCO.
|
| I can do some tests with OpenSSH if you want (rushing out the door
| ATM). I usually always use /etc/hosts.allow to control access anyhow,
| because a CGI (allowing me to add hosts to hosts.allow from an SSL
| webpage) I wrote points to it and I'm too lazy to change it. ;)
|
| -mrh

login.conf is for login. It is no good if a program depends on another
program's config file which is subject to change... (I think)
Maybe ssh2 does not use login? Like openssh? Or it is enabled with some
option?
Is there a 'UseLogin' option in the ssh2 config file (or something like it?)

have fun
