Description of problem: sshd appears to totally ignore tcp_wrappers controls. If I put an empty /etc/hosts.allow and an /etc/hosts.deny that has ALL: ALL in it, I can still connect from anywhere. This is a fairly vanilla install of fc6 i386 - I just upgraded from fc3 where it worked as documented. If there is something new in the setup that I need to do to activate wrappers in fc6 it appears to be undocumented. Was sshd compiled with wrapper support? The script kiddies have already found this and are ballooning my log files!! Version-Release number of selected component (if applicable): openssh-askpass-4.3p2-14.fc6 openssh-server-4.3p2-14.fc6 openssh-4.3p2-14.fc6 openssh-clients-4.3p2-14.fc6 tcp_wrappers-7.6-40.2.1 How reproducible: All platforms I have running fc6 behave the same. Steps to Reproduce: 1. Install fc6 with openssh + tcp_wrappers 2. Add hosts.allow/deny rules that have worked for a long time 3. Actual results: Access appears to be wide open no matter what access rules are used Expected results: Configurable blocking Additional info:
Problem maybe solved. Version 10 appears to not work, and the update from version 10 to version 14 failed due to the over-aggressive file protections on /usr/bin/ssh and /usr/sbin/sshd in version 10. Version 14 could not overwrite old executables, so created new ones with version number appended. Could the update script be updated to deal with the file attributes in Ver 10?