# [SOLVED] /etc/hosts.allow doesn't work ?

## mun1ek

my /etc/hosts.deny 

```
ALL: ALL 
```

my /etc/hosts.allow 

```
ALL: 79.185.xxx.xxx 
```

when i try connect by ssh from 79.185.xxx.xxx host, i get:

```
ssh_exchange_identification: Connection closed by remote host 
```

in log i get:

```
gentoo sshd[10850]: refused connect from 0.0.0.0
```

the same problem is when i use for example 127.0.0.1 instead of 79.185.xxx.xxx

only with: ALL: ALL in hosts.allow, i can connect.

What's the problem ?

Problem SOLVED!

I have updated openssh from to 4.7_p1-r2 to 5.0_p1-r1 version, and now hosts.allow and hosts.deny works!!!

----------

## octanez

Did you add tcp-wrappers to ssh? If I remember they are required for SSHD to use /etc/hosts.*.

----------

## mun1ek

What You mean "add" ? tcp-wrappers was installed.

----------

## octanez

 *mun1ek wrote:*   

> What You mean "add" ? tcp-wrappers was installed.

 

Just trying to identify what changed, and gave you the result that you wanted, to help future people who come across this post.

----------

## ricochen27

I can confirm that I had problem with openssh version 4.7_p1-r2 as well. I have the following configurations

/etc/hosts.deny

sshd: 192.168.1.25

/etc/portage/packages.use

net-misc/openssh tcpd

and I run openssh (4.7_p1-r2) at host 192.168.1.254 whose hostname is server.mydomain.net (I have name server bind running on this host). My openssh is compiled with tcpd option on. The problem I had is if I try to ssh (from host 192.168.1.25) to the server by its ip, that is

#I run ssh on custom port 9922

ssh -p 9922 js@192.168.1.254

I found that most of the time I didn''t get "connection refused" message, instead I am still able to log in even I have explicitly ban that IP. BTW I have nothing in my /etc/hosts.allow

And if I did get "connection refused" message, I noticed that I could easily bypass it by using the server's hostname, that is,

If I do

ssh -p 9922 js@server.mydomain.net

IP 192.168.1.25 didn't get banned based on the server's /etc/hosts.deny file.

After I saw mun1ek's post, I upgraded my openssh to the newest version (5.0_p1_r1):

emerge --sync

echo "net-misc/openssh" >> /etc/portage/package.keywords

emerge openssh

/etc/init.d/sshd restart

and problem got solved.

----------

