@Home in fremont vs. tcpwrappers
Matt Zimmerman
mdz@debian.org
Mon, 17 Dec 2001 14:33:47 -0500
On Thu, Dec 13, 2001 at 10:29:50AM -0800, Stuart Marshall wrote:
> in my (at work) /etc/hosts.allow file, I've attempted to let in the
> subnet that my @home ip is on. The logs indicate that I connect but
> the tcpwrapper routines dump me because gethostbyname() fails. Here
> is the relevant stuff from the log file:
>
> can't verify hostname: gethostbyname(12-234-242-65.client.attbi.com) failed
>
> which was generated in the function sock_hostname(), causing it to
> return PARANOID which then caused my @home ssh client to get dumped.
>
> Does anyone know how to set up /etc/hosts.allow to let in a subnet
> where the hostname for the incoming ip address cannot be looked up?
> I've re-read the hosts_access manpage several times and don't see a
> way. Or perhaps I need some additional options for dhclient to get
> the hostname lookup to work correctly. My home computer thinks it
> has another hostname. I do want to restrict access to subnets.

You probably have an entry in /etc/hosts.deny like:

ALL: PARANOID

which is causing this behavior. You can remove that line, or,
alternatively, you can try to get your ISP to fix their DNS (good luck).

I _think_ that even if you remove this line, the two-way lookup is still
done when you are using hostname-based authentication, so you will need to
use all IP addresses for the ssh service regardless of whether PARANOID is
enabled.

--
- mdz
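
Added example, not part of the original message: a Python approximation of the two-way lookup discussed in this thread, useful for checking how an address would be named before writing hosts.allow rules. The function names, hostnames and 192.0.2.x addresses are constructed for illustration; the stub tables stand in for DNS so the script runs offline.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward lookup; returns a list of addresses (empty on failure)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def wrapper_hostname(ip, reverse=system_reverse, forward=system_forward):
    """Approximate the name tcpwrappers assigns to a client address."""
    name = reverse(ip)
    if not name:
        return "unknown"    # no PTR record: hostname patterns cannot match
    if ip not in forward(name):
        return "paranoid"   # PTR name does not resolve back to the client IP
    return name             # verified: reverse and forward lookups agree

def matches_net(ip, rule):
    """True if ip falls inside a hosts.allow style 'net/mask' pattern."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(rule, strict=False)

# Constructed sample data (documentation address range, not from the post).
PTR = {"192.0.2.65": "192-0-2-65.client.example.net",
       "192.0.2.66": "good.example.net"}
A = {"good.example.net": ["192.0.2.66"]}  # first PTR name has no forward record

def stub_forward(name):
    return A.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.65", "192.0.2.66", "192.0.2.67"):
        name = wrapper_hostname(ip, PTR.get, stub_forward)
        print(ip, name, matches_net(ip, "192.0.2.0/255.255.255.0"))
```

Calling wrapper_hostname(ip) with no extra arguments uses the system resolver instead of the stub tables.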