06-03-2004
Jacob Heider
 
Re: How to permit selective SSH access?

On 3 Jun 2004 17:51:46 GMT, a posting issued forth from Jem Berkes...
>> to only permit access to the server from a select number of IP addresses
>> however it doesn't work (meaning access is permitted from all IP
>> addresses regardless of origin).

>
> OpenSSH doesn't use tcp wrappers as it is a standalone server (in the
> normal installation). It's best to do this using Linux 2.4's netfilter,
> which you can access using iptables. Then you can be sure the selective
> access will work no matter what happens within the SSH server software.
>
> iptables -A INPUT -i eth0 -p tcp --dport 22 -s 1.2.3.4 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 22 -s 4.3.2.1 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 22 -j DROP
>


The OpenSSH on Fedora Core 2 does:

# ldd `which sshd`
linux-gate.so.1 => (0x00b99000)
libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00607000)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
libpam.so.0 => /lib/libpam.so.0 (0x00111000)
libdl.so.2 => /lib/libdl.so.2 (0x0059b000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00715000)
libutil.so.1 => /lib/libutil.so.1 (0x00119000)
libz.so.1 => /usr/lib/libz.so.1 (0x006fa000)
libnsl.so.1 => /lib/libnsl.so.1 (0x00766000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x007d6000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00e81000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x0059f000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x005cc000)
libc.so.6 => /lib/tls/libc.so.6 (0x008d8000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00142000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x0011d000)

HAND
Jacob
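
Added example, not part of the post above or of the thread: a shell sketch that decides from `ldd` output whether a daemon is linked against libwrap and, if it is, prints the TCP wrappers allow-list matching the quoted iptables rules. The function names are hypothetical, the addresses are the placeholders from the quoted rules, and the sample input is three lines taken from the `ldd` output in the post.

```shell
#!/bin/sh
# Added example: check a daemon for TCP wrappers support and render
# hosts.allow / hosts.deny entries for an allow-list of source addresses.

# uses_libwrap: read ldd output on stdin; succeed only if libwrap.so is
# listed AND resolved to a path (an unresolved "not found" entry fails).
uses_libwrap() {
    awk '$1 ~ /^libwrap\.so/ && $2 == "=>" && $3 != "not" { found = 1 }
         END { exit (found ? 0 : 1) }'
}

# wrappers_rules DAEMON ADDR...: libwrap reads hosts.allow first, then
# hosts.deny, and allows by default, so the deny entry is what closes access.
wrappers_rules() {
    daemon=$1; shift
    printf '# /etc/hosts.allow\n%s: %s\n' "$daemon" "$*"
    printf '# /etc/hosts.deny\n%s: ALL\n' "$daemon"
}

# Sample input: three lines of the ldd output quoted in the post.
SAMPLE_LDD='linux-gate.so.1 => (0x00b99000)
libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00607000)
libpam.so.0 => /lib/libpam.so.0 (0x00111000)'

# check_and_render LDD_TEXT DAEMON ADDR...: print the rules only when the
# binary would actually consult them; otherwise fail with a pointer to
# packet filtering.
check_and_render() {
    ldd_text=$1; shift
    if printf '%s\n' "$ldd_text" | uses_libwrap; then
        wrappers_rules "$@"
    else
        echo "no libwrap: this binary does not read hosts.allow/hosts.deny; filter with iptables" >&2
        return 1
    fi
}

check_and_render "$SAMPLE_LDD" sshd 1.2.3.4 4.3.2.1
```

On a real host, pass the output of ldd `which sshd` in place of SAMPLE_LDD. Upstream OpenSSH removed libwrap support in release 6.7, so run the check rather than assuming the result.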