HPE Community
Operating System - HP-UX
1833875 Members
1527 Online
110063 Solutions
New Discussion

Re: sshd

 
SOLVED
Go to solution
Erich Donze
Occasional Advisor

‎07-17-2003 10:02 AM

‎07-17-2003 10:02 AM

sshd

I recently installed ssh on 3 HP-UX server. One of them won't accept connections even from itself. I ran sshd -d and this is my output:

#sshd -d
3192: debug1: sshd version OpenSSH_3.5p1
3192: debug1: read PEM private key done: type RSA
3192: debug1: private host key: #0 type 1 RSA
3192: debug1: read PEM private key done: type DSA
3192: debug1: private host key: #1 type 2 DSA
3192: debug1: Bind to port 22 on 10.1.8.5.
3192: Server listening on 10.1.8.5 port 22.
3192: debug1: Server will not fork when running in debugging mode.
3192: debug1: Connection refused by tcp wrapper


The last two lines come up when the attempt to connect is made. I looked for references to wrapper in /etc/services and /etc/inetd.conf and I didn't find any. As far as I can tell, I'm not using tcp wrappers. Any help you can provide would be helpful. Thanks in advance,
Erich
0 Kudos
Reply
7 REPLIES 7
Paul Sperry
Honored Contributor

‎07-17-2003 10:33 AM

‎07-17-2003 10:33 AM

Re: sshd

Anything in /var/adm/inetd.sec?
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎07-17-2003 10:52 AM

‎07-17-2003 10:52 AM

Re: sshd

Welcome to Hogwarts.

A tcp wrapper error message without it being installed.

This is a head scratcher.

Was it ever installed?

swlist -l product | grep -i wrapper

Perhaps OpenSSH was this feature built in. Bug?

We're using Secure Shell 3.50 from HP depots so our experience may not help.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Erich Donze
Occasional Advisor

‎07-17-2003 12:15 PM

‎07-17-2003 12:15 PM

Re: sshd

Yes and no:

#swlist -l product | grep -i wrapper

#more /var/adm/inetd.sec
printer allow iceberg.miracosta.cc.ca.us

#

Erich
0 Kudos
Reply
Erich Donze
Occasional Advisor

‎07-17-2003 12:17 PM

‎07-17-2003 12:17 PM

Re: sshd

P.S. This is ssh 3.50 from software.hp.com
Erich
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎07-17-2003 02:56 PM

‎07-17-2003 02:56 PM

Solution

Re: sshd

Hi Erich,

This tells you that your sshd was compiled with tcp_wrappers. My understanding is that if it is compiled with tcp_wrappers, it will look for these files /etc/hosts.allow or /etc/hosts.deny.

Look at /etc/hosts.allow or /etc/hosts.deny. For testing purposes create a file called /etc/hosts.allow and add this

sshd: ALL@yourdomain.com

Try again.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Erich Donze
Occasional Advisor

‎07-18-2003 02:21 PM

‎07-18-2003 02:21 PM

Re: sshd

That was indeed the issue. My hosts.deny is all:all
I'll have to revise that. Thanks,
Erich
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎07-19-2003 04:34 PM

‎07-19-2003 04:34 PM

Re: sshd

Hi,

Indeed, this is a common problem that should be listed in the FAQ if not already so. Recent versions of OpenSSH has tcpwrappers built-in. This probably explains why you can't find it in your swlist.

Because it is built-in, tcpwrapper is referenced in your sshd_config file. Checking /etc/inetd.conf turns up nothing because sshd is by default not called from inetd, though it can be specially configured to be called in that manner.

When tcpwrapper is spawned to handle a connection, tcpd will be launched. One way to identify whether tcpwrapper is installed on your system is to search for a binary tcpd. If the binary exists, it is installed on your system.

Hope this helps. Regards.

Steven Sim Kok Leong
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.