Getting hosts.deny to work

I have created a pair of hosts.allow and hosts.deny files with permissions root:wheel 644. To test the blocking, I have entered text like this:

<pre>sshd: 192.168.</pre>

This should block SSH login from all other localnet machines, but it does not work. If I instead say:

<pre>sshd: ALL</pre>

suddenly it DOES block me.

The target machine's logfile says I am logging on from address fe80::211:24ff:fe97:3909

What is going on? Something relating to IPv6?

Mac OS X (10.4.9)

Posted on May 19, 2007 8:54 AM


May 19, 2007 9:29 AM in response to Gnarlodious

I have this in my /etc/hosts.deny:

<pre>

#
# hosts.deny This file describes the names of the hosts which are
# denied the use of local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
ALL: ALL:deny

</pre>

and then I use /etc/hosts.allow to let specific stuff in.

Here is an example analogous to what you are asking for:

<pre>

portmap: 128.114. : ALLOW

</pre>

May 19, 2007 11:44 AM in response to Gnarlodious

Did you kill sshd and restart it?

As for diagnosis, I guess you would have to try ssh-ing from one of those domains and see if it is blocked.

I don't know what log file to look at locally. But presumably it is in /var/logs somewhere.

This sounds like a Gary Kerbaugh question.

Another way to keep out evildoers is to put a line like

<pre>

AllowUsers username1 username2

</pre>

in /etc/sshd_config

and then ssh just hangs unless the pre-approved user names are trying to log in.

It is anathema to script kiddies.

May 19, 2007 11:42 AM in response to Gnarlodious

Something relating to IPv6?


I think this is the case. If you do not need IPv6, then turn it off on the server:

Open System Preferences > Network, select the port you are using (AirMac, Builtin Ethernet, etc.) from the "Show" popup, and select "TCP/IP" tab. Then push "Configure IPv6..." and select "Off" from the popup. Then push OK and "Apply Now".

PowerMacG4, PowerBookG4, iMac(C2D) Mac OS X (10.4.9)

May 19, 2007 1:01 PM in response to Gnarlodious

in my hosts.deny files, i usually use something like:

<pre>sshd: ALL</pre>

and in hosts.allow:

<pre># lan users
ALL: 192.168.99.0/255.255.255.0

# home or other location
sshd: 123.123.123.123
ALL: 54.54.54.54

</pre>

then, i add AllowUsers to sshd_config, and all is well. i also use key pairs to login, anyway.

macbook pro 2.16 ghz, powerbook G4 1ghz, G4 400 mhz, poweredge and some junkers Mac OS X (10.4.9)
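
Added example, not part of any post in this thread: a simplified Python model of how the rules quoted above are evaluated (hosts.allow first, then hosts.deny, allow when nothing matches), showing why the prefix `192.168.` never matches the logged address `fe80::211:24ff:fe97:3909`. It handles only the pattern forms that appear in the thread; `192.168.99.5` and `192.168.1.20` are constructed sample addresses.

```python
import ipaddress

def pattern_matches(pattern, client):
    """Match one client pattern (only the forms used in this thread)."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # "192.168." is compared as a text prefix
        return client.startswith(pattern)
    if "/" in pattern:             # net/mask, e.g. 192.168.99.0/255.255.255.0
        addr = ipaddress.ip_address(client)
        net = ipaddress.ip_network(pattern, strict=False)
        return addr.version == net.version and addr in net
    return client == pattern       # single literal address

def parse_rules(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list [: option]' lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        # Simplification: splitting on ":" is fine for the IPv4 rules shown here.
        daemons, clients = [field.strip() for field in line.split(":")[:2]]
        rules.append((daemons.split(), clients.split()))
    return rules

def decide(daemon, client, allow_text, deny_text):
    """hosts.allow is checked first, then hosts.deny; no match at all means allow."""
    for verdict, text in (("allow", allow_text), ("deny", deny_text)):
        for daemons, clients in parse_rules(text):
            daemon_hit = daemon in daemons or "ALL" in daemons
            if daemon_hit and any(pattern_matches(p, client) for p in clients):
                return verdict
    return "allow"

V6_CLIENT = "fe80::211:24ff:fe97:3909"  # address from the log in the question
V4_CLIENT = "192.168.99.5"              # constructed LAN address
REPLY_ALLOW = "# lan users\nALL: 192.168.99.0/255.255.255.0"
REPLY_DENY = "sshd: ALL"

if __name__ == "__main__":
    # The question's rule: the IPv6 client slips past an IPv4-only deny pattern.
    print("deny 'sshd: 192.168.' vs IPv6 client:", decide("sshd", V6_CLIENT, "", "sshd: 192.168."))
    # Deny-by-default from the last reply: IPv6 client refused, LAN IPv4 client allowed.
    print("allow-list setup vs IPv6 client:", decide("sshd", V6_CLIENT, REPLY_ALLOW, REPLY_DENY))
    print("allow-list setup vs IPv4 client:", decide("sshd", V4_CLIENT, REPLY_ALLOW, REPLY_DENY))
```

With a deny-by-default hosts.deny such as `sshd: ALL`, a client arriving over an address family the allow list does not cover is refused rather than let through.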
