Tcp-Wrappers should be enabled to start and stop our OpenSSH server. Upon execution, inetd reads its configuration information from a configuration file which, by default, is /etc/inetd.conf. There must
be an entry for each field of the configuration file, with entries for each field separated by a tab or a space.
Edit the inetd.conf file (vi /etc/inetd.conf) and add the line:

ssh stream tcp nowait root /usr/sbin/tcpd sshd -i

The -i parameter is important since it specifies that sshd is being run from inetd. After adding the above line to the file, make inetd reread its inetd.conf file by sending it a SIGHUP signal (killall -HUP inetd).

To update your inetd.conf file, use the following command:

[root@deep] /# killall -HUP inetd

Edit the hosts.allow file (vi /etc/hosts.allow) and add the line:

sshd: 192.168.1.4 win.openna.com

This means that the client with IP address 192.168.1.4 and host name win.openna.com is allowed to ssh in to the server.
These daemon strings for tcp-wrappers are in use by sshd:
- sshdfwd-X11
if you want to allow/deny X11-forwarding
- sshdfwd-<port-number>
for tcp-forwarding
- sshdfwd-<port-name>
port-name defined in /etc/services. Used in tcp-forwarding
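
The following is an added example, not part of the original text: a simplified Python model of the hosts_access(5) decision order (a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, otherwise access is granted), applied to the hosts.allow line above and to the sshdfwd-X11 daemon string. The "ALL: ALL" hosts.deny content, the second client and the function names are assumptions made for illustration; only exact names and the ALL wildcard are modelled.

```python
# Added example: simplified model of the hosts_access(5) decision order.
# Handles only exact daemon names, exact host/IP patterns and the ALL wildcard.

HOSTS_ALLOW = "sshd: 192.168.1.4 win.openna.com\n"   # rule from this page
DENY_MISSING = ""                                     # no hosts.deny entries
DENY_ALL = "ALL: ALL\n"                               # assumed default-deny rule

TRUSTED = ("192.168.1.4", "win.openna.com")           # client from this page
OTHER = ("192.168.1.77", "other.example.com")         # constructed client


def parse_rules(text):
    """Return [(daemon_list, client_list)] from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def matches(rules, daemon, client_ids):
    """True if any rule names this daemon (or ALL) and this client (or ALL)."""
    for daemons, clients in rules:
        daemon_ok = daemon in daemons or "ALL" in daemons
        client_ok = "ALL" in clients or any(c in clients for c in client_ids)
        if daemon_ok and client_ok:
            return True
    return False


def decide(daemon, client_ids, allow_text, deny_text):
    """hosts.allow is searched first, then hosts.deny; no match means allow."""
    if matches(parse_rules(allow_text), daemon, client_ids):
        return "allow"
    if matches(parse_rules(deny_text), daemon, client_ids):
        return "deny"
    return "allow"


if __name__ == "__main__":
    for daemon, client, deny in [("sshd", OTHER, DENY_MISSING),
                                 ("sshd", OTHER, DENY_ALL),
                                 ("sshd", TRUSTED, DENY_ALL),
                                 ("sshdfwd-X11", TRUSTED, DENY_ALL)]:
        print(daemon, client[0], repr(deny), "->",
              decide(daemon, client, HOSTS_ALLOW, deny))
```

In this model the hosts.allow line restricts nothing until hosts.deny also has a matching entry, and a rule written for sshd does not cover a lookup made under the sshdfwd-X11 daemon string.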
If you do decide to switch to using ssh, make sure you install and use it on all your servers. Having ten secure servers and one insecure is a waste of time.
For more details, there are several man pages you can read:
- ssh(1)
OpenSSH secure shell client remote login program
- ssh [slogin](1)
OpenSSH secure shell client remote login program
- ssh-add(1)
adds identities for the authentication agent
- ssh-agent(1)
authentication agent
- ssh-keygen(1)
authentication key generation
- sshd(8)
secure shell daemon
