HPE Community
Operating System - HP-UX
1830898 Members
3080 Online
110017 Solutions
New Discussion

Re: SSH and TCP Wrappers

 
Travis Harp
Advisor

‎07-02-2003 10:57 AM

‎07-02-2003 10:57 AM

SSH and TCP Wrappers

Can anyone confirm that the SSH depot from the HP site doesn't support TCP wrappers?

At this point I've not found a way to get it to work with wrappers but was hoping to save myself the trouble of compiling it.
Eagles may soar but weasels don't get sucked into jet engines.
0 Kudos
Reply
4 REPLIES 4
Bill Douglass
Esteemed Contributor

‎07-02-2003 11:50 AM

‎07-02-2003 11:50 AM

Re: SSH and TCP Wrappers

HP's secure shell 3.5 does include libwrap.a (tcpwrappers).

http://docs.hp.com/hpux/onlinedocs/T1471-90006/T1471-90006.html



The version of openssh at

http://hpux.cs.utah.edu/hppd/cgi-bin/wwwtar?/hpux/Networking/Admin/openssh-3.6.1p1/openssh-3.6.1p1-sd-11.00.depot.gz

also has support for tcpwrappers compiled in.

Note the prereqs: tcpwrappers (duh), libiconv, zlib, openssl, and perl for this version. The HP version has everything statically compiled in.

0 Kudos
Reply
Jairo Campana
Trusted Contributor

‎07-02-2003 12:25 PM

‎07-02-2003 12:25 PM

Re: SSH and TCP Wrappers

tcpwrappers depot in
http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/tcp_wrappers-7.6/??

libiconv
http://hpux.cs.utah.edu/hppd/hpux/Development/Libraries/libiconv-1.9/

zlib:
http://hpux.cs.utah.edu/hppd/hpux/Misc/zlib-1.1.4/
perl
http://hpux.cs.utah.edu/hppd/hpux/Languages/perl-5.8.0/
openssl
http://hpux.cs.utah.edu/hppd/hpux/Languages/openssl-0.9.7b/
and verify gettex install in you server:
http://hpux.cs.utah.edu/hppd/hpux/Gnu/gettext-0.12/




The HP version of ssh is much easier, as it includes the required libraries statically linked into it.

On the other hand, if you need to compile it yourself for specific options, then downloading the source from

http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/openssh-3.6.1p1/

is the way to go. However, you will need to install zlib, libiconv, tcpwrappers and openssl first.

Keep ssh on port 22. You'll have much less grief with ssh clients that way.

legionx
0 Kudos
Reply
Travis Harp
Advisor

‎07-03-2003 05:11 AM

‎07-03-2003 05:11 AM

Re: SSH and TCP Wrappers

Ok. So it does support wrappers. Does anyone have a good doc on how to set up SSH with TCP wrappers?

I'm pretty new to using SSH.
Eagles may soar but weasels don't get sucked into jet engines.
0 Kudos
Reply
Edgar Avila
Frequent Advisor

‎07-03-2003 06:22 AM

‎07-03-2003 06:22 AM

Re: SSH and TCP Wrappers

If you're new to ssh I'll recommend using SSh and TCP Wrappers from hp and USE SSHD STARTED FROM TCPWRAPPERS. Use option -i on sshd (Started from inetd).
The conexion it's slow at first. Once established it's fast due to compression.
This will prevent your system from being hacked from unknown ips.

If you're using it to pretect only passwords and your site it's public, then you'll need to compile them to be able to patch them every time a vulnerability it's discovered.

-------------------------------------
Try to get the last version of both and compile them.
ssh : http://www.openssh.org
ssl : http://www.openssl.org
tcpwrapper: ftp://ftp.porcupine.org/pub/security/index.html

It's pretty hard but it's safer than getting old versions installed.

You'll need to actualize often your versions due to new vulnerabilities found every month.

I know compiling it' the hard way. But it's the better way too due to the flexibility you have with it.
Knowledge is power... so... give me the power!!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.