HPE Community
Operating System - HP-UX
1834827 Members
2752 Online
110070 Solutions
New Discussion

ftp problem - ftphosts limitations?

 
Michael Deely
Advisor

‎08-24-2005 12:44 AM

‎08-24-2005 12:44 AM

ftp problem - ftphosts limitations?

I help manage a server that is used as an ftp drop box. All ftp connections are being denied and the syslog.log is spewing the following message on every connection:

host_access: Config file too big!!
rhost_ok: sethacc failed

We have had issues in the past where the ftphosts file is to long or one line in the file is too long. I believe the limitation on the length of the ftphosts file is 1000 lines but I am not entirely sure what the line length limitation is. The ftphosts file was over 1000 lines and I have trimmed this down however the issue still remains.

Does anyone know the exact limitation on the ftphosts file and also any further insight on the errors in the syslog file would be great.
0 Kudos
Reply
6 REPLIES 6
RAC_1
Honored Contributor

‎08-24-2005 12:59 AM

‎08-24-2005 12:59 AM

Re: ftp problem - ftphosts limitations?

I am not aware of any such limits, but if it is there, why put so many hosts there??

You can put the domain address and eliminate the putting hosts under that domain.

Also if ftphosts has such limitation, and you want to get around it, you want to put some hosts in /var/adm/inetd.sec and deny then ftpd access.

man inetd.sec for details.
There is no substitute to HARDWORK
0 Kudos
Reply
Michael Deely
Advisor

‎08-24-2005 01:03 AM

‎08-24-2005 01:03 AM

Re: ftp problem - ftphosts limitations?

We have hundreds of ftp-only users, 500 or so. We have to limit each user by specific IP address. So each user would have a couple of lines, one allow line and one deny line. This server sits external to our firewall so we have to make sure that only specific IPs, ones that we allow, are allowed access to the server.
0 Kudos
Reply
RAC_1
Honored Contributor

‎08-24-2005 01:08 AM

‎08-24-2005 01:08 AM

Re: ftp problem - ftphosts limitations?

Can you use, tcp wrappers??
If you have hp ssh installed, it comes with built-in tcpwrappers. Make use of /etc/hosts.allow file.
There is no substitute to HARDWORK
0 Kudos
Reply
Raj D.
Honored Contributor

‎08-24-2005 01:10 AM

‎08-24-2005 01:10 AM

Re: ftp problem - ftphosts limitations?

Hi Deely ,

Its seems faling because the limitation of the ftphosts file ,

the C code that is resposible for this error , rhost_ok: sethacc failed :

hostacc.c ,
--------------
Here is the details:

---------------------------------
int rhost_ok(char *pcRuser, char *pcRhost, char *pcRaddr)
69 {
70 hacc_t *ptHtmp;
71 char *pcHost;
72 char *ha_login;
73 int iInd, iLineMatch = 0, iUserSeen = 0;
74
75 switch (sethacc()) {
76 case 1:
77 /* no hostaccess file; disable mechanism */
78 return (1);
79 /* break; */
80 case -1:
81 syslog(LOG_INFO, "rhost_ok: sethacc failed");
82 endhacc();
83 return (0);
84 /* break; */
85 default:
86 break;
87 }
-----------------------------------

But I dont see this file in hp-ux 11i

Hope u can digout something more ,and help ,
Cheers ,

" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
Michael Deely
Advisor

‎08-24-2005 01:10 AM

‎08-24-2005 01:10 AM

Re: ftp problem - ftphosts limitations?

That is something that we may have to look into. However, what I am really looking for now is to fix the immediate issue then we can look into another way of doing this at a later time. Any ideas on those error messages?
0 Kudos
Reply
Michael Deely
Advisor

‎08-24-2005 01:11 AM

‎08-24-2005 01:11 AM

Re: ftp problem - ftphosts limitations?

We are running hpux 11.00
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.