Mail Archives: cygwin/2010/04/19/18:34:48

Message-ID: <4BCCDA62.7040609@cwilson.fastmail.fm>
Date: Mon, 19 Apr 2010 18:34:10 -0400
From: Charles Wilson <cygwin AT cwilson DOT fastmail DOT fm>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.23) Gecko/20090812 Thunderbird/2.0.0.23 Mnenhy/0.7.6.666
MIME-Version: 1.0
To: Cygwin Mailing List <cygwin AT cygwin DOT com>
Subject: Re: tcp_wrappers sshd hosts.allow problem
References: <k2w6910a61004020418r95cf717lf0a5aa92284cc775 AT mail DOT gmail DOT com>
In-Reply-To: <k2w6910a61004020418r95cf717lf0a5aa92284cc775@mail.gmail.com>
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

[Sorry for the delay in responding; I actually replied
contemporaneously, but...I only sent it to myself/Bcc; it never went to
the list]

On 4/2/2010 7:18 AM, Reini Urban wrote:

> >  ALL : localhost 127.0.0.1/32 [::1]/128 : allow
> > -ALL : PARANOID : deny
> >  sshd: ALL
> > +ALL : PARANOID : deny
> >
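
Review bot: placing "sshd: ALL" above "ALL : PARANOID : deny" means every sshd connection matches the first rule and is granted before the PARANOID rule is evaluated, since tcp_wrappers stops at the first matching rule. The reordered file therefore drops the name/address consistency check for sshd on every install that ships it. If the refusal comes from one site's DNS, keep the shipped order and add a narrower local rule above the PARANOID line for the affected network only.
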
> > sshd : ALL behind ALL PARANOID : deny is ignored. It must be before.
> > Symptom:
> >
> > debug1: fd 4 clearing O_NONBLOCK
> > debug1: Server will not fork when running in debugging mode.
> > debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
> > debug1: inetd sockets after dupping: 3, 3
> > debug1: Connection refused by tcp wrapper

Err...no.  The /etc/hosts.allow shipped by -21 does not differ (in this
respect) from the one shipped by -20 for the last year, nor from the one
shipped by -5 since 27 Apr 2008.

The solution to a failure due to PARANOID is not to remove it or
otherwise bypass it -- but to fix your local DNS.  If you can't do that,
THEN you can disable the PARANOID check, but just for your broken LAN.
It's not a reason to suggest disabling the PARANOID check for everyone
by default.

Take a look at /var/log/messages, and see what tcpd is reporting there.

--
Chuck
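
[Added example, not part of the original message and not tcp_wrappers code: a Python sketch that approximates the name/address consistency test behind PARANOID, for finding which DNS record to fix when tcpd refuses a client. The function names and the 192.0.2.x / example.test sample records are constructed for illustration.]

```python
import ipaddress
import socket

def system_reverse(addr):
    """PTR lookup through the system resolver; raises OSError on failure."""
    return socket.gethostbyaddr(addr)[0]

def system_forward(name):
    """A/AAAA lookup through the system resolver; raises OSError on failure."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def classify(addr, reverse=system_reverse, forward=system_forward):
    """Return (verdict, detail); verdict is 'ok', 'unknown' or 'paranoid'."""
    client = ipaddress.ip_address(addr)
    try:
        name = reverse(addr)
    except OSError as exc:
        # No name at all: this is the UNKNOWN case, not PARANOID.
        return "unknown", f"no PTR record for {addr} ({exc})"
    try:
        found = {ipaddress.ip_address(a.split("%")[0]) for a in forward(name)}
    except OSError as exc:
        return "paranoid", f"{addr} -> {name}, but {name} does not resolve ({exc})"
    if client not in found:
        listed = ", ".join(sorted(map(str, found)))
        return "paranoid", f"{addr} -> {name}, but {name} -> {listed}"
    return "ok", f"{addr} <-> {name}"

# Constructed sample records, so the example runs without a network.
SAMPLE_PTR = {"192.0.2.10": "ws1.example.test",    # consistent
              "192.0.2.20": "ws2.example.test",    # A record points elsewhere
              "192.0.2.30": "ghost.example.test"}  # PTR exists, no A record
SAMPLE_A = {"ws1.example.test": ["192.0.2.10"],
            "ws2.example.test": ["192.0.2.99"]}

def sample_reverse(addr):
    if addr not in SAMPLE_PTR:
        raise OSError("host not found")
    return SAMPLE_PTR[addr]

def sample_forward(name):
    if name not in SAMPLE_A:
        raise OSError("name not known")
    return SAMPLE_A[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, *classify(ip, sample_reverse, sample_forward))
```

Calling classify() with only an address uses the system resolver, so it reports what the sshd host itself sees for that client.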
