tcp_wrappers, sshd, strange behavior with hosts.deny - SGI


  1. tcp_wrappers, sshd, strange behavior with hosts.deny

    Hi,

    I recently set up an SGI O2 as an apache server with sshd running. I
    quickly noticed that several foreign addresses were executing a
    "dictionary" type attack on my box. A little bit of research showed
    that I needed to compile tcp_wrappers, and recompile openssh with
    tcp_wrappers support. So I did that and it kind of works, but I can't
    seem to pass a basic test. In hosts.deny you should be able to add
    ALL: 127.0.0.1 and then when you try to ssh localhost from your
    localhost you should get rejected. Unfortunately I can't get that to
    work - I can login no problem. But I know that sshd is checking
    /etc/hosts.deny because if I put ALL: 0.0.0.0 in my /etc/hosts.deny
    then I get an "ssh_exchange_identification: Connection refused by
    remote host message" which is what I expected to happen with the
    127.0.0.1 entry.

    Further, when I ssh into my box from another machine and look in
    /var/adm/SYSLOG I see an entry like the following:

    ryan sshd[1107]: Server listening on 0.0.0.0 port 22
    ryan sshd[1107]: Generating RSA key
    ryan sshd[1107]: RSA key generation complete
    ryan sshd[1115]: Accepted password for from 0.0.0.0 port 60522
    ssh2
    ryan sshd[1115]: could not reverse map address 0.0.0.0

    The last two entries seem pretty strange...why is the external
    computer's address 0.0.0.0? Why is the sshd server listening on 0.0.0.0
    instead of 127.0.0.1?

    Any help would be much appreciated!

    Thanks,

    Chris


  2. Re: tcp_wrappers, sshd, strange behavior with hosts.deny

    In article <1164412092.253833.244560@14g2000cws.googlegroups.com>,
    "cpadwick" wrote:

    : Hi,
    :
    : I recently set up an SGI O2 as an apache server with sshd running. I
    : quickly noticed that several foreign addresses were executing a
    : "dictionary" type attack on my box. A little bit of research showed
    : that I needed to compile tcp_wrappers, and recompile openssh with
    : tcp_wrappers support. So I did that and it kind of works, but I can't
    : seem to pass a basic test. In hosts.deny you should be able to add
    : ALL: 127.0.0.1 and then when you try to ssh localhost from your
    : localhost you should get rejected. Unfortunately I can't get that to
    : work - I can login no problem. But I know that sshd is checking
    : /etc/hosts.deny because if I put ALL: 0.0.0.0 in my /etc/hosts.deny
    : then I get an "ssh_exchange_identification: Connection refused by
    : remote host message" which is what I expected to happen with the
    : 127.0.0.1 entry.
    :
    : Further, when I ssh into my box from another machine and look in
    : /var/adm/SYSLOG I see an entry like the following:
    :
    : ryan sshd[1107]: Server listening on 0.0.0.0 port 22
    : ryan sshd[1107]: Generating RSA key
    : ryan sshd[1107]: RSA key generation complete
    : ryan sshd[1115]: Accepted password for from 0.0.0.0 port 60522
    : ssh2
    : ryan sshd[1115]: could not reverse map address 0.0.0.0
    :
    : The last two entries seem pretty strange...why is the external
    : computer's address 0.0.0.0? Why is the sshd server listening on 0.0.0.0
    : instead of 127.0.0.1?
    :
    : Any help would be much appreciated!

    You're probably compiling with GCC and running into one of the IRIX-specific
    bugs. When you use GCC, it passes some types of parameters to subroutines
    slightly differently than the mipspro compilers, which doesn't really affect
    much except for inet_ntoa and related functions.

    The solution is to compile with mipspro, basically.


    Cheers - Tony 'Nicoya' Mantler

    --
    Tony 'Nicoya' Mantler - Master of Code-fu
    -- nicoya@ubb.ca -- http://www.ubb.ca/ --

  3. Re: tcp_wrappers, sshd, strange behavior with hosts.deny


    Tony 'Nicoya' Mantler wrote:
    > In article <1164412092.253833.244560@14g2000cws.googlegroups.com>,
    > "cpadwick" wrote:
    >
    > : Hi,
    > :
    > : I recently set up an SGI O2 as an apache server with sshd running. I
    > : quickly noticed that several foreign addresses were executing a
    > : "dictionary" type attack on my box. A little bit of research showed
    > : that I needed to compile tcp_wrappers, and recompile openssh with
    > : tcp_wrappers support. So I did that and it kind of works, but I can't
    > : seem to pass a basic test. In hosts.deny you should be able to add
    > : ALL: 127.0.0.1 and then when you try to ssh localhost from your
    > : localhost you should get rejected. Unfortunately I can't get that to
    > : work - I can login no problem. But I know that sshd is checking
    > : /etc/hosts.deny because if I put ALL: 0.0.0.0 in my /etc/hosts.deny
    > : then I get an "ssh_exchange_identification: Connection refused by
    > : remote host message" which is what I expected to happen with the
    > : 127.0.0.1 entry.
    > :
    > : Further, when I ssh into my box from another machine and look in
    > : /var/adm/SYSLOG I see an entry like the following:
    > :
    > : ryan sshd[1107]: Server listening on 0.0.0.0 port 22
    > : ryan sshd[1107]: Generating RSA key
    > : ryan sshd[1107]: RSA key generation complete
    > : ryan sshd[1115]: Accepted password for from 0.0.0.0 port 60522
    > : ssh2
    > : ryan sshd[1115]: could not reverse map address 0.0.0.0
    > :
    > : The last two entries seem pretty strange...why is the external
    > : computer's address 0.0.0.0? Why is the sshd server listening on 0.0.0.0
    > : instead of 127.0.0.1?
    > :
    > : Any help would be much appreciated!
    >
    > You're probably compiling with GCC and running into one of the IRIX-specific
    > bugs. When you use GCC, it passes some types of parameters to subroutines
    > slightly differently than the mipspro compilers, which doesn't really affect
    > much except for inet_ntoa and related functions.
    >
    > The solution is to compile with mipspro, basically.
    >
    >
    > Cheers - Tony 'Nicoya' Mantler
    >
    > --
    > Tony 'Nicoya' Mantler - Master of Code-fu
    > -- nicoya@ubb.ca -- http://www.ubb.ca/ --


    Hi Tony,

    Yes that was the problem! I recompiled using the IRIX compilers and
    voilà, everything works now.

    Regards,

    Chris


  4. Re: tcp_wrappers, sshd, strange behavior with hosts.deny

    Tony 'Nicoya' Mantler wrote:

    : The solution is to compile with mipspro, basically.

    Or you can use a quick and dirty workaround:

    ---------------------------------------------------------------------------
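    #ifdef GCC_SGI_BUG

    #include <stdio.h>
    #include <sys/types.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>  /* include before the #define below */

    /*
     * inet_ntoa:
     * with gcc compiled from sources (up to gcc 2.95.2) returns always
     * 255.255.255.255 on SGI/IRIX
     *
     * this is a simple workaround
     */

    static char *my_inet_ntoa(struct in_addr in);

    /* Caller and callee are both built by GCC, so the by-value struct is safe here. */
    static char *my_inet_ntoa(struct in_addr in)
    {
        static char s[512];   /* static buffer: not reentrant, like inet_ntoa */
        u_long add;

        /* s_addr is in network byte order; convert to host order first */
        add = ntohl(in.s_addr);
        sprintf(s, "%lu.%lu.%lu.%lu",
                (add & 0xff000000) >> 24,
                (add & 0x00ff0000) >> 16,
                (add & 0x0000ff00) >> 8,
                (add & 0x000000ff)
        );
        return s;
    }

    /* Redirect every later inet_ntoa() call in this file to the workaround */
    #define inet_ntoa my_inet_ntoa
    #endif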

    ---------------------------------------------------------------------------




    : Cheers - Tony 'Nicoya' Mantler

    : --
    : Tony 'Nicoya' Mantler - Master of Code-fu
    : -- nicoya@ubb.ca -- http://www.ubb.ca/ --

    --
    PGP and other useless info at \
    http://webdiis.unizar.es/~spd/ \
    finger://daphne.cps.unizar.es/spd \ Timeo Danaos et dona ferentes
    ftp://ivo.cps.unizar.es/pub/ \ (Virgilio)
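
A build-time self-test for the symptom discussed in this thread, as an added example that is not code from any of the posters: it checks whether the `inet_ntoa()` the binary was linked against formats known addresses correctly, so a miscompiled sshd is caught before its hosts.deny rules are trusted. The names `classify`, `broken_ntoa` and `samples` are hypothetical, and the sample addresses are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>

enum ntoa_status { NTOA_OK = 0, NTOA_CONSTANT = 1, NTOA_WRONG = 2 };

/* Constructed samples: host-order value and the text it must format to.
 * 127.0.0.1 is the address used in the hosts.deny test in the thread. */
static const struct { unsigned long host; const char *text; } samples[] = {
    { 0x7f000001UL, "127.0.0.1" },
    { 0xc000020aUL, "192.0.2.10" },
    { 0x0a010203UL, "10.1.2.3" },
};
#define NSAMPLES (sizeof samples / sizeof samples[0])

/* Classify a formatter: correct, one constant string for every input (the
 * symptom in the thread, every client logged as 0.0.0.0), or otherwise wrong. */
enum ntoa_status classify(char *(*fmt)(struct in_addr))
{
    char first[64];
    int wrong = 0, same = 1;
    size_t i;

    for (i = 0; i < NSAMPLES; i++) {
        struct in_addr in;
        const char *out;
        in.s_addr = htonl(samples[i].host);   /* struct passed by value below */
        out = fmt(in);
        if (strcmp(out, samples[i].text) != 0) wrong++;
        if (i == 0) snprintf(first, sizeof first, "%s", out);
        else if (strcmp(out, first) != 0) same = 0;
    }
    if (!wrong) return NTOA_OK;
    return same ? NTOA_CONSTANT : NTOA_WRONG;
}

/* Hypothetical stand-in for a miscompiled inet_ntoa(), to show the failing case. */
char *broken_ntoa(struct in_addr in) { static char z[] = "0.0.0.0"; (void)in; return z; }

int main(void)
{
    enum ntoa_status st = classify(inet_ntoa);
    printf("inet_ntoa: %s\n", st == NTOA_OK ? "ok"
           : "BROKEN: address-based hosts.deny rules will not match real clients");
    return st;   /* non-zero exit lets a build script stop before installing */
}
```

Compile it with the same compiler and flags used for tcp_wrappers and sshd; a result of `NTOA_CONSTANT` matches what the SYSLOG excerpt shows, where every peer is recorded as the same address.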
