Can you close this bug? It looks to me that this was an issue with a broken libwrap. Correct?
Christoph
A Mennucc schrieb:
> Package: ssh
> Version: 1:3.8.1p1-8.sarge.4
> Followup-For: Bug #283703
>
> hi
>
> I was biten by this bug . Here is what I found.
>
> I have a very strict /etc/hosts.deny, and an /etc/hosts.allow
> with many lines such as follows :
> sshd : 192.167.206.
>
> After an upgrade to sarge, sshd stopped working.
>
> Here are a few tests I did (using 192.167.206.156 as the client)
>
>
> --------------------- first test (server side)
> # sshd -ddd
> debug2: read_server_config: filename /etc/ssh/sshd_config
> debug1: sshd version OpenSSH_3.8.1p1 Debian-8.sarge.4
> debug1: private host key: #0 type 0 RSA1
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: Bind to port 22 on ::.
> Server listening on :: port 22.
> debug1: Bind to port 22 on 0.0.0.0.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> debug1: Connection refused by tcp wrapper
> ---------------------
>
> then I tried to add
> sshd : ALL
> to /etc/hosts.allow and it was working fine, as follows
>
> -----------------------
> # sshd -ddd
> debug2: read_server_config: filename /etc/ssh/sshd_config
> debug1: sshd version OpenSSH_3.8.1p1 Debian-8.sarge.4
> debug1: private host key: #0 type 0 RSA1
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: Bind to port 22 on ::.
> Server listening on :: port 22.
> debug1: Bind to port 22 on 0.0.0.0.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> Connection from ::ffff:192.167.206.156 port 51892
> debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1
> Debian 1:3.4p1-1.woody.3
> debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-1.99-OpenSSH_3.8.1p1 Debian-8.sarge.4
> .......all goes fine..........
> -----------------------------------
>
> then I tried with the line
> sshd : 192.167.206.156
> and again it was OK; the line
> sshd : 192.167.206.
> was always constantly a NO-GO
>
> -----------------------------
> then I upgraded libwrap, as follows
> # apt-get install libwrap0
> The following packages will be upgraded:
> libwrap0
> Preparing to replace libwrap0 7.6-9 (using .../libwrap0_7.6.dbs-8_i386.deb)
> ...
> Unpacking replacement libwrap0 ...
> Setting up libwrap0 (7.6.dbs-8) ...
> -----------------------
>
> now the line
> sshd : 192.167.206.
> works fine
>
> -----------------------
>
> a.
>
> -- System Information:
> Debian Release: 3.1
> APT prefers testing
> APT policy: (500, 'testing')
> Architecture: i386 (i686)
> Kernel: Linux 2.6.8-2-k7
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
>
> Versions of packages ssh depends on:
> ii adduser 3.63 Add and remove users and groups
> ii debconf 1.4.30.11 Debian configuration management
> sy
> ii dpkg 1.10.27 Package maintenance system for
> Deb
> ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries
> an
> ii libpam-modules 0.72-35 Pluggable Authentication Modules
> f
> ii libpam-runtime 0.76-22 Runtime support for the PAM
> librar
> ii libpam0g 0.76-22 Pluggable Authentication Modules
> l
> ii libssl0.9.7 0.9.7c-5 SSL shared libraries
> ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers
> libra
> ii zlib1g 1:1.2.2-3 compression library - runtime
>
> -- debconf information:
> ssh/insecure_rshd:
> ssh/privsep_ask: true
> * ssh/user_environment_tell:
> * ssh/forward_warning:
> ssh/insecure_telnetd:
> ssh/new_config: true
> * ssh/use_old_init_script: true
> * ssh/SUID_client: false
> ssh/disable_cr_auth: false
> * ssh/privsep_tell:
> ssh/ssh2_keys_merged:
> * ssh/protocol2_only: true
> ssh/encrypted_host_key_but_no_keygen:
> * ssh/run_sshd: true
>
--
============================================================================
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: [EMAIL PROTECTED]
Telefon: +49-6131-3926337
Fax: +49-6131-3922856
signature.asc
Description: OpenPGP digital signature
