[Sorry for the delay in responding; I actually replied contemporaneously, but...I only sent it to myself/Bcc; it never went to the list]
On 4/2/2010 7:18 AM, Reini Urban wrote: > > ALL : localhost 127.0.0.1/32 [::1]/128 : allow > > -ALL : PARANOID : deny > > sshd: ALL > > +ALL : PARANOID : deny > > > > sshd : ALL behind ALL PARANOID : deny is ignored, It must be before. > > Symptom: > > > > debug1: fd 4 clearing O_NONBLOCK > > debug1: Server will not fork when running in debugging mode. > > debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 > > debug1: inetd sockets after dupping: 3, 3 > > debug1: Connection refused by tcp wrapper Err...no. The /etc/hosts.allow shipped by -21 does not differ (in this respect) from the one shipped by -20 for the last year, nor from the one shipped by -5 since 27 Apr 2008. The solution to a failure due to PARANOID is not to remove it or otherwise bypass it -- but to fix your local DNS. If you can't do that, THEN you can disable the PARANOID check, but just for your broken lan. It's not a reason to suggest disabling the PARANOID check for everyone by default. Take a look at /var/log/messages, and see what tcpd is reporting there. -- Chuck -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
