hosts.deny ignored by MacOSX 10.8

Posted by David Holm on Server Fault See other posts from Server Fault or by David Holm
Published on 2012-09-09T09:39:57Z Indexed on 2012/11/20 11:07 UTC
Read the original article Hit count: 285

Filed under:
|
|

I have been trying to set up my MacOS X Server, which I recently upgraded to Mountain Lion, to use denyhosts as I need to open port 22 to it. denyhosts is set up and adds entries to /etc/hosts.deny so I decided to add my laptops IP to it in order to verify that it actually works but I can still log in and my IP shows up in /private/var/log/system.log. I even rebooted the server once just to be sure there wasn't some service that had to be restarted.

I tried the following entries:

ALL: <my laptop's IP>
sshd: <my laptop's IP>
sshd: 127.0.0.1

My /etc/sshd_config has the following parameters set:

UsePAM yes
UseDNS no

I Googled if deny.hosts has been deprecated in OSX 10.7 or 10.8 but I couldn't find any indications that it has. Any ideas of what is going wrong or if there is an alternative way to achieve the same result?

Yes, a private key would solve this problem but for the time being I would like to stick to using password authentication. I also like the idea of denyhosts actually blocking access to all services running on the server and not just ssh.

© Server Fault or respective owner

Related posts about ssh

Related posts about macosx