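Starting with version 6.6, OpenSSH dropped tcp_wrapper support (upstream says it prefers that other mechanisms, such as iptables, be used for protection). So when I upgraded to 7.2, I found that hosts.allow could no longer be used to restrict logins. For convenience, I added the code back in.
Method:
Edit: sshd.c
At around line 128, find #include "ssherr.h" and add the following after it: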
```c
/*add by fengjie.zhou for tcp-wrappers begin */
#include <tcpd.h>
#include <syslog.h>
/* libwrap expects the program to define these two syslog severities */
int allow_severity = LOG_INFO;
int deny_severity = LOG_WARNING;
/*add by fengjie.zhou for tcp-wrappers end*/
```
Then, at around line 2150, add the following after remote_ip = get_remote_ipaddr();:
```c
/*add by fengjie.zhou for tcp-wrapper begin*/
/* Check whether logins are denied from this host. */
if (packet_connection_is_on_socket()) {
	struct request_info req;

	request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
	fromhost(&req);

	if (!hosts_access(&req)) {
		debug("Connection refused by tcp wrapper");
		refuse(&req);
		/* NOTREACHED */
		fatal("libwrap refuse returns");
	}
}
/*add by fengjie.zhou for tcp-wrapper end*/
```
Then recompile, either building an RPM or compiling and installing directly.
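A post-rebuild check, added here as an example and not part of the original post: it tests whether the rebuilt binary is linked against libwrap and lists which access rules name the daemon. The patch passes `__progname` as `RQ_DAEMON`, so rules must use the name `sshd`. The path `/usr/sbin/sshd`, the `SSHD_BIN` variable, both function names and the sample rules are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Return 0 if the binary is dynamically linked against libwrap.
# A statically linked libwrap will not show up in ldd output.
links_libwrap() {
    ldd "$1" 2>/dev/null | grep -q 'libwrap\.so'
}

# Print the rules in a hosts.allow / hosts.deny style file whose daemon
# list names the given daemon or the ALL wildcard. Simplification: EXCEPT,
# daemon@host patterns and backslash continuations are not interpreted.
rules_for_daemon() {
    awk -v d="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            split($0, parts, ":")           # daemon list is the first field
            n = split(parts[1], names, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (names[i] == d || names[i] == "ALL") { print; next }
        }' "$1"
}

# Constructed sample rules, written to a temp dir so the demo runs offline.
demo=$(mktemp -d)
cat > "$demo/hosts.allow" <<'EOF'
# constructed sample
sshd: 192.0.2.0/255.255.255.0
vsftpd, sshd : 198.51.100.7
in.telnetd: ALL
EOF
printf 'ALL: ALL\n' > "$demo/hosts.deny"

sshd_bin=${SSHD_BIN:-/usr/sbin/sshd}   # assumed install path
if links_libwrap "$sshd_bin"; then
    echo "$sshd_bin links libwrap"
else
    echo "$sshd_bin does not link libwrap dynamically"
fi
echo "allow rules that apply to sshd:"
rules_for_daemon "$demo/hosts.allow" sshd
echo "deny rules that apply to sshd:"
rules_for_daemon "$demo/hosts.deny" sshd
```

Point `rules_for_daemon` at the real `/etc/hosts.allow` and `/etc/hosts.deny` once the rebuilt package is installed.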