15.5. Configure OpenSSH to use TCP-Wrappers/inetd super server

TCP-Wrappers should be enabled to start and stop our OpenSSH server. When it starts, inetd reads its configuration from a file which, by default, is /etc/inetd.conf. Each line of that file must contain an entry for every field, with the entries separated by a tab or a space.

  1. Edit the inetd.conf file (vi /etc/inetd.conf) and add the line:
              ssh	stream	tcp	nowait	root	/usr/sbin/tcpd	sshd -i
              

    Important: The -i parameter is important since it specifies that sshd is being run from inetd. Also, update your inetd.conf file by sending a SIGHUP signal (killall -HUP inetd) after adding the above line to the file.

    To update your inetd.conf file, use the following command:
              [root@deep] /# killall -HUP inetd
              

  2. Edit the hosts.allow file (vi /etc/hosts.allow) and add the line:
              sshd: 192.168.1.4 win.openna.com
              
    This means the client with IP 192.168.1.4 and host name win.openna.com is allowed to ssh in to the server.
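
The two entries above can be checked after editing. The following shell functions are an added example, not part of the original guide: one confirms that the ssh service in an inetd.conf file is started through tcpd with sshd -i, the other lists the clients that hosts.allow admits for sshd. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the inetd.conf and hosts.allow entries for sshd.
# Function names and sample files are constructed for illustration.

# check_inetd_ssh FILE: succeed only if the ssh service is started through
# tcpd and sshd receives -i (inetd mode).
check_inetd_ssh() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        $1 != "ssh"           { next }      # only the ssh service entry
        {
            found = 1
            # service, socket type, protocol, wait flag, user, server, args
            if (NF < 7) { print "FAIL: ssh entry has only " NF " fields"; bad = 1; next }
            if ($6 != "/usr/sbin/tcpd") { print "FAIL: " $6 " is not tcpd"; bad = 1 }
            if ($7 != "sshd") { print "FAIL: tcpd starts " $7 ", not sshd"; bad = 1 }
            inetd_mode = 0
            for (i = 8; i <= NF; i++) if ($i == "-i") inetd_mode = 1
            if (!inetd_mode) { print "FAIL: sshd is missing -i"; bad = 1 }
        }
        END {
            if (!found) { print "FAIL: no ssh entry"; exit 1 }
            if (bad) exit 1
            print "OK: ssh is wrapped by tcpd and runs sshd -i"
        }
    ' "$1"
}

# sshd_allowed_clients FILE: print the client list of every hosts.allow rule
# whose daemon list names sshd (format: daemon_list : client_list).
sshd_allowed_clients() {
    awk -F: '
        /^[ \t]*#/ { next }
        {
            n = split($1, daemons, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (daemons[i] == "sshd") {
                    clients = $2
                    gsub(/^[ \t]+|[ \t]+$/, "", clients)
                    print clients
                }
        }
    ' "$1"
}

# Constructed sample files matching the entries shown above.
demo=$(mktemp -d)
printf 'ssh\tstream\ttcp\tnowait\troot\t/usr/sbin/tcpd\tsshd -i\n' > "$demo/inetd.conf"
printf 'sshd: 192.168.1.4 win.openna.com\n' > "$demo/hosts.allow"
check_inetd_ssh "$demo/inetd.conf"
sshd_allowed_clients "$demo/hosts.allow"
```

On a live system, pass /etc/inetd.conf and /etc/hosts.allow instead of the sample files.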

These daemon strings for tcp-wrappers are in use by sshd:

  sshdfwd-X11: if you want to allow/deny X11-forwarding
  sshdfwd-<port-number>: for tcp-forwarding
  sshdfwd-<port-name>: port-name defined in /etc/services; used in tcp-forwarding

Tip: If you do decide to switch to using ssh, make sure you install and use it on all your servers. Having ten secure servers and one insecure is a waste of time.

For more details, there are several man pages you can read:

  ssh(1): OpenSSH secure shell client remote login program
  ssh [slogin](1): OpenSSH secure shell client remote login program
  ssh-add(1): adds identities for the authentication agent
  ssh-agent(1): authentication agent
  ssh-keygen(1): authentication key generation
  sshd(8): secure shell daemon

 
 
  Published under the terms of the Open Publication License