@Home in fremont vs. tcpwrappers

Matt Zimmerman mdz@debian.org
Mon, 17 Dec 2001 14:33:47 -0500


On Thu, Dec 13, 2001 at 10:29:50AM -0800, Stuart Marshall wrote:

> in my (at work) /etc/hosts.allow file, I've attempted to let in the
> subnet that my @home ip is on.  The logs indicate that I connect but
> the tcpwrapper routines dump me because gethostbyname() fails.  Here
> is the relevant stuff from the log file:
> 
>   can't verify hostname: gethostbyname(12-234-242-65.client.attbi.com) failed
> 
> which was generated in the function sock_hostname(), causing it to
> return PARANOID which then caused my @home ssh client to get dumped.
> 
> Does anyone know how to set up /etc/hosts.allow to let in a subnet
> where the hostname for the incoming ip address cannot be looked up?
> I've re-read the hosts_access manpage several times and don't see a
> way.  Or perhaps I need some additional options for dhclient to get
> the hostname lookup to work correctly.  My home computer thinks it
> has another hostname.  I do want to restrict access to subnets.

You probably have an entry in /etc/hosts.deny like:

ALL: PARANOID

which is causing this behavior.  You can remove that line, or,
alternatively, you can try to get your ISP to fix their DNS (good luck).

I _think_ that even if you remove this line, the two-way lookup is still
done when you are using hostname-based authentication, so you will need to
use all IP addresses for the ssh service regardless of whether PARANOID is
enabled.

-- 
 - mdz
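
The double lookup behind the "can't verify hostname" log line, and why address-based client patterns do not depend on it, shown as an added example that is not part of the original thread and not tcp_wrappers' own code. It is a simplified Python model: the PTR/A tables are constructed sample data, the function names are hypothetical, and only a subset of hosts_access(5) pattern forms is handled.

```python
import ipaddress

# Constructed DNS data modelling the post: the PTR record exists, but the
# name it returns has no forward (A) record. 192.0.2.10 is a sample host
# whose reverse and forward records agree.
PTR = {"12.234.242.65": "12-234-242-65.client.attbi.com",
       "192.0.2.10": "host.example.org"}
A = {"host.example.org": ["192.0.2.10"]}

def client_hostname(addr, ptr=PTR, a=A):
    """Return the verified name, or 'unknown' / 'paranoid' (simplified model)."""
    name = ptr.get(addr)               # address -> name (reverse lookup)
    if name is None:
        return "unknown"
    addrs = a.get(name)                # name -> addresses (forward lookup)
    if not addrs or addr not in addrs:
        return "paranoid"              # forward lookup failed or disagrees
    return name

def pattern_matches(pattern, addr, hostname):
    """Match one client pattern against the address and looked-up name."""
    verified = hostname not in ("unknown", "paranoid")
    if pattern == "PARANOID":
        return hostname == "paranoid"
    if "/" in pattern:                 # net/mask, e.g. 12.234.242.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    if pattern.endswith("."):          # address prefix, e.g. 12.234.242.
        return addr.startswith(pattern)
    if pattern.startswith("."):        # domain suffix needs a verified name
        return verified and hostname.lower().endswith(pattern.lower())
    return pattern == addr or (verified and pattern.lower() == hostname.lower())

if __name__ == "__main__":
    ip = "12.234.242.65"
    name = client_hostname(ip)
    for pat in ("PARANOID", ".attbi.com", "12.234.242.",
                "12.234.242.0/255.255.255.0"):
        print(f"{pat:30} -> {pattern_matches(pat, ip, name)}")
```

Run directly, it prints which patterns match the client from the log: the address prefix and net/mask forms match, the PARANOID wildcard matches, and the hostname-based `.attbi.com` pattern does not.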