This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: tcp_wrappers sshd hosts.allow problem
[Sorry for the delay in responding; I actually replied
contemporaneously, but...I only sent it to myself/Bcc; it never went to
the list]
On 4/2/2010 7:18 AM, Reini Urban wrote:
> > ALL : localhost 127.0.0.1/32 [::1]/128 : allow
> > -ALL : PARANOID : deny
> > sshd: ALL
> > +ALL : PARANOID : deny
> >
> > sshd : ALL behind ALL PARANOID : deny is ignored, It must be before.
> > Symptom:
> >
> > debug1: fd 4 clearing O_NONBLOCK
> > debug1: Server will not fork when running in debugging mode.
> > debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
> > debug1: inetd sockets after dupping: 3, 3
> > debug1: Connection refused by tcp wrapper
Err...no. The /etc/hosts.allow shipped by -21 does not differ (in this
respect) from the one shipped by -20 for the last year, nor from the one
shipped by -5 since 27 Apr 2008.
The solution to a failure due to PARANOID is not to remove it or
otherwise bypass it -- but to fix your local DNS. If you can't do that,
THEN you can disable the PARANOID check, but just for your broken lan.
It's not a reason to suggest disabling the PARANOID check for everyone
by default.
Take a look at /var/log/messages, and see what tcpd is reporting there.
--
Chuck
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple