|Securing and Optimizing Linux: RedHat Edition -A Hands on Guide|
|Prev||Chapter 16. Software -Securties(commercial)||Next|
Tcp-wrappers shoud be enabled to start and stop the sshd2 server. Upon execution, inetd reads its configuration information from a configuration file which, by default, is /etc/inetd.conf. There must be an entry for each field of the configuration file, with entries for each field separated by a tab or a space.
Edit the inetd.conf file, vi /etc/inetd.conf and add the line:
ssh stream tcp nowait root /usr/sbin/tcpd sshd -i
: The -i parameter is important since it specifies that sshd is being run from inetd. Also, update your inetd.conf file by sending a SIGHUP signal, killall -HUP inetd after adding the above line into the file.
[root@deep] /#killall -HUP inetd
Edit the hosts.allow file, vi /etc/hosts.allow and add the line:
sshd: 192.168.1.4 win.openna.com
Note: These daemon strings for tcp-wrappers are in use by sshd2:
- sshd, sshd2
The name sshd2 was called with usually sshd.
if you want to allow/deny X11-forwarding.
port-name defined in /etc/services. Used in tcp-forwarding.
: If you do decide to switch to using ssh, make sure you install and use it on all your servers. Having ten secure servers and one insecure is a waste of time.