http://bugzilla.opensuse.org/show_bug.cgi?id=1099755 Bug ID: 1099755 Summary: /etc/hosts.allow /etc/hosts.deny not support ssh Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Factory Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: simon@becherer.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- wrong security feeling, because text of file /etc/hosts.allow is wrong. written is: # /etc/hosts.allow # See 'man tcpd' and 'man 5 hosts_access' for a detailed description # of /etc/hosts.allow and /etc/hosts.deny. # # short overview about daemons and servers that are built with # tcp_wrappers support: #. # package name | daemon path | token # ---------------------------------------------------------------------------- # ssh, openssh | /usr/sbin/sshd | sshd, sshd-fwd-x11, sshd-fwd-<port> # quota | /usr/sbin/rpc.rquotad | rquotad # tftpd | /usr/sbin/in.tftpd | in.tftpd # portmap | /sbin/portmap | portmap at least toke sshd to allow and deny will not work any more on actual systems (tumbleweed). (maybe others tokens also affected) so user (as i) with low background knowlidge will feel secure if they make settings like: sshd : ALL : deny sshd : 127.0.0.1 : allow sshd : 192.168.0.30 : allow but the system ignores this. -> leading text and maybe manpage has to be changed! -> or if this 2 files host.allow / hosts.deny ar complete obsolete, do not install it at all. -- You are receiving this mail because: You are on the CC list for the bug.