On Tue, Apr 25, 2006 at 09:20:38AM -0700, Kris Anderson wrote: > > > --- Jose Borquez <[EMAIL PROTECTED]> wrote: > > > I attempt to establish an ssh connection to a remote > > server and I get > > the following error: > > "ssh_exchange_identification: Connection closed by > > remote host" > > > > I have checked the hosts.allow file and Everything > > is allowed by > > default. What else can I check? > > Thanks in advance, > Jose, > hosts.allow is only half the story. Check your > hosts.deny. I am currently working on a script that > futzes with the hosts.deny file and occasionally > something happens in the file. I've tested and tested > and everytime I remove a particular line from > hosts.deny all is well. Go figure. > > Not sure if your hosts.deny file has stuff in it, but > if it does make a backup of it then empty it out. You > should be able to connect. If you can connect then add > one line at a time to your hosts.deny then try > establishing a newly authenticated session until you > can't. Oddly one of two things, you'll either get > blocked immediately or all works and at some later > time suddenly you can't connect.
For quite some time now, hosts.deny has been deprecated and its functionality conflated with that of hosts.allow. If you want to maintain a separate file for denied addresses, it should be included in your hosts.allow with the following syntax: sshd : /etc/hosts.deniedssh : deny The file /etc/hosts.deniedssh contains only valid hosts_options(5) address specifications, which are expanded into the rule each time it is checked. Of course, the mere fact of hosts.deny's deprecation does not mean it won't work, but in general, if you don't have an extant hosts.deny, you are better off using the more modern, presumably better supported, style rather than deliberately setting up an already obsolescent configuration. In your case, Kris, I can see that it should make your script rather simpler to implement - you need only write addresses to the deny file, rather than a more complete rule. YMMV, and all that. Dan -- Daniel Bye PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc PGP Key fingerprint: D349 B109 0EB8 2554 4D75 B79A 8B17 F97C 1622 166A _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \
pgp3QvXCqvxgR.pgp
Description: PGP signature
