tcp_wrapper not allowing ssh in

Hello,

I have a tcp_wrapper setup with hosts.allow and hosts.deny. After the network switch over I am unable to ssh in. If I comment out

#all: all

in hosts.deny then I can ssh in. When I try to ssh in I get this error:

ssh_exchange_identification: Connection closed by remote host
debug1: Calling cleanup 0x10020298(0x0)

Is this the problem with prng? Or is this the problem with libwrap?

Thanks in advance,

Jay

[478 byte] By [sjp@amnh] at [2007-11-25 23:24:00]
# 1
I am also getting this in my syslog:

Couldn't connect to PRNGD socket "/var/spool/prngd/pool": Connection refused
Entropy collection failed
ssh-rand-helper child produced insufficent data

sjp@amnh at 2007-7-5 18:11:07
# 2
I think the best idea here is to get rid of wrappers. You can set up an address filter in the SSH config file.
Anton_Panyushkin at 2007-7-5 18:11:07
# 3

> I have a tcp_wrapper setup with hosts.allow and
> hosts.deny. After the network switch over I am
> unable to ssh in. If I comment out

Could you define this "network switch over"? What in your network is switching? If your clients are switching IP ranges then naturally the wrappers won't let you through. If your server is switching IP addresses something else might be b0rking things up...

I wouldn't say that getting rid of the wrappers will be your solution, especially not if you use them to filter other protocols (like ftp and telnet) too...

Cailin_Coilleach at 2007-7-5 18:11:07
# 4

If you are denying all in hosts.deny and are not allowing ip-ranges or ip-numbers for the sshd service in your hosts.allow then nobody can use ssh (if it's compiled with tcp-wrappers). My guess would be to add something along the lines of;

sshd: ALL

or maybe specific networks such as;

sshd: 192.168.10.

This is how it works in the Linux world ...

solbrian at 2007-7-5 18:11:07
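
The allow-then-deny lookup order behind the rules discussed in this thread, as an added example (not code from any poster and not libwrap's own code). It models a simplified, IPv4-only subset of hosts_access(5); the file contents and client addresses are constructed, and the helper names are hypothetical.

```python
import ipaddress

def client_matches(pattern, addr):
    """One client pattern vs. an IPv4 address (hostname patterns not modelled)."""
    p = pattern.lower()  # checks are case insensitive, so "all" == "ALL"
    if p == "all":
        return True
    if p.endswith("."):  # "192.168.10." matches on leading octets
        return addr.startswith(p)
    if "/" in p:  # net/mask form, e.g. 192.168.10.0/255.255.255.0
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(p, strict=False)
        except ValueError:
            return False
    return p == addr

def file_matches(rules, daemon, addr):
    """True if any 'daemon_list : client_list' line matches the pair."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out rule such as "#all: all" has no effect
        fields = line.split(":")
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").lower().split()
        clients = fields[1].replace(",", " ").split()
        if ("all" in daemons or daemon.lower() in daemons) and \
                any(client_matches(c, addr) for c in clients):
            return True
    return False

def hosts_access(allow, deny, daemon, addr):
    """hosts.allow is checked first, then hosts.deny; no match means allow."""
    if file_matches(allow, daemon, addr):
        return "allow"
    return "deny" if file_matches(deny, daemon, addr) else "allow"

# Constructed sample files and client addresses
DENY_ALL = "ALL: ALL\n"
ALLOW_NONE = "# no sshd entry\n"
ALLOW_LAN = "sshd: 192.168.10.\n"

if __name__ == "__main__":
    for allow, deny, ip in [(ALLOW_NONE, DENY_ALL, "192.168.10.25"),
                            (ALLOW_LAN, DENY_ALL, "192.168.10.25"),
                            (ALLOW_LAN, DENY_ALL, "10.20.30.40"),
                            (ALLOW_NONE, "#all: all\n", "10.20.30.40")]:
        print(ip, hosts_access(allow, deny, "sshd", ip))
```

The third case is the one to check after a client renumbering: an allow rule written for the old range no longer matches, so the request falls through to the deny-all rule.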
# 5

> I am also getting this in my syslog:
>
> Couldn't connect to PRNGD socket
> "/var/spool/prngd/pool": Connection refused
> Entropy collection failed
> ssh-rand-helper child produced insufficent data

This means that you don't have a source of random numbers to guarantee the reliability of the encryption schemes used by SSH.

The solution is to install prngd, which is available from SunFreeware.com. Another solution is to install /dev/random and /dev/urandom on your server. If you're running Solaris 8 there's even a patch from SUN to enable it.

For more information, take a look at http://www.cosy.sbg.ac.at/~andi/SUNrand/.

[]'s

Paulo Fessel

pafessel at 2007-7-5 18:11:07