build libwrap into openssh

Post by Daniel Huan » Sat, 20 Nov 2004 03:27:27



Hi,

I was trying to add the tcpwrapper library to OpenSSH 3.9, but when I check with
ldd after compiling, there is still no support for libwrap. Any clue? Or
is there any trick?

I copied both libwrap.a and tcpd.h to the /usr/lib and /usr/include dirs, and
crle shows these dirs.

Thanks

*************************************************************************************

# ./configure --prefix=/usr/lib/ssh --sysconfdir=/etc/ssh --with-pam --with-tcp-wrappers --with-md5-passwords

# make

# make install

 
 
 


Post by Marc » Sat, 20 Nov 2004 04:11:47



> I was trying to add the tcpwrapper library to OpenSSH 3.9, but when I check with
> ldd after compiling, there is still no support for libwrap. Any clue? Or
> is there any trick?

> I copied both libwrap.a and tcpd.h to the /usr/lib and /usr/include dirs, and
> crle shows these dirs.

ldd checks for dynamic libraries, that is, *.so* files, and *.a is a static
archive (when linked with it, the code gets copied into your application).
So if openssh does indeed have support for libwrap, ldd will not tell
you. Did you have no libwrap.so? For a quick check whether libwrap was
used, I would look at the symbol table of your executable.

 
 
 


Post by David Nix » Sun, 21 Nov 2004 00:57:43


> Hi,
> I was trying to add the tcpwrapper library to OpenSSH 3.9, but when I check with
> ldd after compiling, there is still no support for libwrap. Any clue? Or
> is there any trick?
> I copied both libwrap.a and tcpd.h to the /usr/lib and /usr/include dirs, and
> crle shows these dirs.

'ldd' is for checking shared libraries - you could, though, use 'nm' to
see if tcpwrapper support is present:

zenoah-371 $ nm sshd2 |grep tcpd                
tcpd_buf            |1073902376|extern|data   |$BSS$
tcpd_context        |1073902584|extern|data   |$BSS$
tcpd_diag           |   1022224|static|entry  |$CODE$
tcpd_jump           |   1022432|extern|code   |$CODE$
tcpd_warn           |   1022360|extern|code   |$CODE$

Besides, it wouldn't have linked without finding a wrapper library.

> Thanks
> *************************************************************************************
> # ./configure --prefix=/usr/lib/ssh --sysconfdir=/etc/ssh --with-pam --with-tcp-wrappers --with-md5-passwords
> # make
> # make install

DaveN.
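
The check discussed in the two replies above (ldd only sees a shared libwrap, nm sees one linked from libwrap.a), as an added example that is not part of the original posts. The helper names classify_wrap and check_binary are hypothetical, the sample tool output is constructed, and a stripped binary is reported as unknown rather than as lacking support.

```shell
#!/bin/sh
# Added example: decide how (or whether) TCP Wrappers ended up in a binary.
# classify_wrap and check_binary are hypothetical helper names.

# Symbols that come from libwrap itself: the entry points a wrapped daemon
# calls (request_init, hosts_access, hosts_ctl) and the tcpd_* diagnostics
# seen in the nm listing above.
WRAP_SYMS='hosts_access|hosts_ctl|request_init|tcpd_warn|tcpd_jump'

# classify_wrap LDD_TEXT NM_TEXT -> prints dynamic | static | none | unknown
classify_wrap() {
    ldd_text=$1
    nm_text=$2
    # A shared libwrap is the only form ldd can report.
    if printf '%s\n' "$ldd_text" | grep -q 'libwrap\.so'; then
        echo dynamic
    # Stripped binary: nm has nothing to show, so absence proves nothing.
    elif [ -z "$nm_text" ]; then
        echo unknown
    # Whole-symbol match, so e.g. my_hosts_access_stub does not count.
    elif printf '%s\n' "$nm_text" |
        grep -Eq "(^|[^A-Za-z0-9_])($WRAP_SYMS)([^A-Za-z0-9_]|\$)"; then
        echo static
    else
        echo none
    fi
}

# check_binary PATH: run the real tools on a binary you built yourself.
check_binary() {
    classify_wrap "$(ldd "$1" 2>/dev/null)" "$(nm "$1" 2>/dev/null)"
}

# Constructed sample tool output (not captured from a real system).
SAMPLE_LDD_SHARED='	libwrap.so.1 => /usr/lib/libwrap.so.1
	libc.so.1 => /usr/lib/libc.so.1'
SAMPLE_LDD_PLAIN='	libc.so.1 => /usr/lib/libc.so.1'
SAMPLE_NM_STATIC='0004a1c0 T hosts_access
0004a3f8 T request_init
0002b100 T main'
SAMPLE_NM_PLAIN='0002b100 T main
0002c000 T my_hosts_access_stub'

# The original poster's situation: only libwrap.a was available at link time.
classify_wrap "$SAMPLE_LDD_PLAIN" "$SAMPLE_NM_STATIC"
```

On a real build, `check_binary /path/to/sshd` applies the same classification to the installed daemon.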
 
 
 


Post by Roger Marqui » Sun, 21 Nov 2004 01:09:40



> I was trying to add the tcpwrapper library to OpenSSH 3.9, but when I check with
> ldd after compiling, there is still no support for libwrap. Any clue? Or
> is there any trick?

I've found it easier to simply run sshd out of inetd.  As long as
you're already using inetd for other daemons this is a no-brainer.
The performance difference between inetd+sshd and standalone sshd
is hardly noticeable.  The line in /etc/inetd.conf should look like
this:

 ssh stream tcp nowait root /usr/sbin/tcpd /usr/local/openssh/bin/sshd -i

Another advantage to using inetd is that you can update sshd_config
without having to kill -1 the base sshd.  Don't forget to delete any
sshd rc/startup scripts.

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

 
 
 
