X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-0.7 required=5.0 tests=BAYES_40,DKIM_SIGNED,DKIM_VALID,RCVD_IN_DNSWL_LOW X-Spam-Check-By: sourceware.org Message-ID: <4BCCDA62.7040609@cwilson.fastmail.fm> Date: Mon, 19 Apr 2010 18:34:10 -0400 From: Charles Wilson User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.23) Gecko/20090812 Thunderbird/2.0.0.23 Mnenhy/0.7.6.666 MIME-Version: 1.0 To: Cygwin Mailing List Subject: Re: tcp_wrappers sshd hosts.allow problem References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com [Sorry for the delay in responding; I actually replied contemporaneously, but...I only sent it to myself/Bcc; it never went to the list] On 4/2/2010 7:18 AM, Reini Urban wrote: > > ALL : localhost 127.0.0.1/32 [::1]/128 : allow > > -ALL : PARANOID : deny > > sshd: ALL > > +ALL : PARANOID : deny > > > > sshd : ALL behind ALL PARANOID : deny is ignored, It must be before. > > Symptom: > > > > debug1: fd 4 clearing O_NONBLOCK > > debug1: Server will not fork when running in debugging mode. > > debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 > > debug1: inetd sockets after dupping: 3, 3 > > debug1: Connection refused by tcp wrapper Err...no. The /etc/hosts.allow shipped by -21 does not differ (in this respect) from the one shipped by -20 for the last year, nor from the one shipped by -5 since 27 Apr 2008. The solution to a failure due to PARANOID is not to remove it or otherwise bypass it -- but to fix your local DNS. If you can't do that, THEN you can disable the PARANOID check, but just for your broken lan. It's not a reason to suggest disabling the PARANOID check for everyone by default. Take a look at /var/log/messages, and see what tcpd is reporting there. -- Chuck -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple