Cannot SSH into host on local network using TCP wrappers, despite allowing "sshd : LOCAL" in /etc/hosts.allow

I have two servers running Ubuntu Server 22.04.2 LTS on my local network. The servers have the following names and IP addresses: ubuntuserver100 - 192.168.50.100 and ubuntuserver101 - 192.168.50.101, with the same user installed. Both have openssh-server 1:8.9p1-3ubuntu0.1 installed.

I would like to restrict ssh access to ubuntuserver100 to my local area network (192.168.50.0/24) only, using the legacy technology 'TCP wrappers'.

I added the following lines in the respective TCP wrapper files:

`/etc/hosts.deny`:

```
sshd: ALL
```

`/etc/hosts.allow`:

```
sshd: LOCAL
```

When I try to ssh from ubuntuserver101 into ubuntuserver100 it throws the following error:

```
thomasgrusz@ubuntuserver101:~$ ssh thomasgrusz@ubuntuserver100
kex_exchange_identification: read: Connection reset by peer
Connection reset by 192.168.50.100 port 22
thomasgrusz@ubuntuserver101:~$
```

The man pages say:

 LOCAL  Matches any host whose name does not contain a dot character.

As the hostname I am trying to ssh in from is `ubuntuserver101`, I don't understand why I am blocked.

If I change the line in `/etc/hosts.allow` to `sshd 192.168.50.` everything works fine.

Any ideas?

I suspect it's because the remote host doesn't even see the client hostname, only its LAN IP address - it would need to do some kind of reverse DNS or reverse mDNS lookup (which might well return a qualified hostname like `ubuntuserver100.local` anyhow). What do the variables `SSH_CLIENT` and `SSH_CONNECTION` contain when you are connected?
Thomas Grusz:
`SSH_CLIENT` contains `192.168.50.101 60696 22` and `SSH_CONNECTION` contains `192.168.50.101 60696 192.168.50.100 22`
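
An added example, not part of the original thread and not libwrap's own code: a simplified Python model of hosts_access(5) client matching, showing that `LOCAL` is evaluated against the name obtained by reverse lookup of the client address, while a pattern such as `192.168.50.` is evaluated against the address itself. The function names, the sample reverse-lookup outcomes and the treatment of an unresolvable client as `unknown` that `LOCAL` does not match are assumptions of this sketch.

```python
import socket

UNKNOWN = "unknown"  # assumed placeholder name when reverse lookup fails

def client_name(addr, resolver=socket.gethostbyaddr):
    """Name the daemon would see for a client address (reverse lookup)."""
    try:
        return resolver(addr)[0]
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return UNKNOWN

def host_matches(pattern, addr, name):
    """Simplified client matching for a few hosts_access(5) pattern kinds."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":
        # Only the resolved name is consulted, never the address.
        return name != UNKNOWN and "." not in name
    if pattern.endswith("."):
        # Address prefix such as "192.168.50."
        return addr.startswith(pattern)
    if pattern.startswith("."):
        # Domain suffix such as ".example.lan"
        return name.lower().endswith(pattern.lower())
    return pattern.lower() == name.lower() or pattern == addr

def allowed(allow, deny, addr, name):
    """hosts.allow is checked first, then hosts.deny; no match grants access."""
    if any(host_matches(p, addr, name) for p in allow):
        return True
    return not any(host_matches(p, addr, name) for p in deny)

# Constructed reverse-lookup outcomes for the client 192.168.50.101
CASES = {
    "no reverse record": UNKNOWN,
    "qualified name": "ubuntuserver101.local",
    "bare name": "ubuntuserver101",
}

def run(allow_pattern):
    """Evaluate 'sshd: <allow_pattern>' with 'sshd: ALL' in hosts.deny."""
    return {label: allowed([allow_pattern], ["ALL"], "192.168.50.101", name)
            for label, name in CASES.items()}

if __name__ == "__main__":
    for pat in ("LOCAL", "192.168.50."):
        print(pat, run(pat))
```

Calling `client_name("192.168.50.101")` on ubuntuserver100 shows which of the three cases applies on a real host.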