On Tue, Jun 25, 2002 at 11:35:50AM +0200, Michael Appeldorn wrote:

Works it too, even if you run sshd in daemon mode? Thought that it will only be honored by tcp-wrapper.

No, sshd calls hosts_access.

But in /etc/ssh/sshd_config you can find an equivalent option named AllowHost. You have to pay some attention, if ipv6 is enabled. That causes to notify even ipv4 addresses in ipv6 notation. This topic was recently discussed right here.

Yes, AllowHost should work too. Ths whole thing is just a question of where the vulnerability is; *before* it checks the client's IP or after. Probably after, but you never know. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann