Solaris [ 9 / 10 ]Troubleshooting: Controlling SSH Connections

The sshd daemon that comes with the Solaris 9 & 10 Operating System uses TCP (Transmission Control Protocol) Wrappers (also called “libwrap”) to control access to hosts.

(Unlike other systems, Solaris 9 & 10 does not use the OpenSSH keywords “AllowHosts” and “DenyHosts” to permit or prevent SSH [Secure Shell] connections).

TCP wrapper support is compiled into the sshd binary and sshd, which runs as a standalone daemon. (Unlike other services, the Solaris 9 & 10 Operating System Secure Shell daemon is not under the control of inetd and tcpd.)

If sshd is running, and if the wrapper access control files are present and correctly configured, you have all that you need to control host access.

Configuration Steps:

In this article controlling host access is a two-part process. First you test the Solaris 9 & 10 Operating System Secure Shell functionality, and thenyou activate the access control files.  Follow these steps:

1. On the server running the sshd daemon, enter:

sshd-server# mv /etc/hosts.allow /var/tmp/

sshd-server# mv /etc/hosts.deny /var/tmp/

By default these files doen’t exist and if they exist so there is a configuration that must be maintained so you need to execute step 6.

2. On a SSH client, enter:
ssh-client$ ssh -l

If you have no problems with the two preceding steps, proceed. Otherwise, you should troubleshoot your SSH functionality before you continue.

3. You will now grant access to the host with name “hostA,” and deny access to all other hosts. On the server running the sshd daemon, enter:

sshd-server# echo “sshd : hostA” > /etc/hosts.allow

sshd-server# echo “sshd : ALL” > /etc/hosts.deny

4. Next, you will test the allow access. On hostA, enter:

hostA$ ssh -l

This should succeed.

5. Now test the deny access. On another host, enter:

other_host$ ssh -l
This should fail.

6. Restore the original configuration by entering the following commands on the server running the sshd daemon:

sshd-server# mv /var/tmp/hosts.allow /etc/hosts.allow

sshd-server# mv /var/tmp/hosts.deny /etc/hosts.deny

If your tests were successful, both sshd and the wrappers are working correctly.



I have started ( aka in 2009 as my own personal reference blog, and later sometime i have realized that my leanings might be helpful for other unixadmins if I manage my knowledge-base in more user friendly format. And the result is today's' You can connect me at -

What is in your mind, about this post ? Leave a Reply

  Our next learning article is ready, subscribe it in your email

What is your Learning Goal for Next Six Months ? Talk to us