Subject: Re: openssh and -current
To: None <rmk@rmkhome.com>
From: John F. Woods <jfw@jfwhome.funhouse.com>
List: current-users
Date: 06/30/2002 12:28:10
> Turns out it wasn't ssh. It was libwrap. It seems that the treatment of
> hosts.deny has changed.
> I was using just a hosts.deny file with lines like:
> rpcbind: ALL EXCEPT .rmkhome.com, localhost
> That doesn't work anymore. A hosts.allow and a hosts.deny file are now
> required.

I think that hosts.allow is sufficient:  I have

	rexecd: LOCAL, .funhouse.com: ALLOW
	rexecd: ALL: DENY
	telnetd: LOCAL, .funhouse.com: ALLOW
	telnetd: ALL: DENY

in hosts.allow and no hosts.deny, and it appears to do what I want.