Date: Thu, 11 Apr 2002 11:56:00 +0100 (BST)
From: Jan Grant
To: Stephen Hoover
Cc: FreeBSD Questions
Subject: Re: sshd & tcp wrappers - bad idea?

On Wed, 10 Apr 2002, Stephen Hoover wrote:

> I just recently started playing with tcp wrappers and I noticed in the
> config file it says:
>
> "Wrapping sshd(8) is not normally a good idea..."
>
> I was just wondering why that is...

sshd does some fairly intensive calculations when it starts up in order to
generate some random keys. Over time, it will regenerate these; however,
if you stick it inside inetd rather than running standalone, it'll do all
the work for every connection. This takes time and can exhaust the entropy
pool.

jan

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
Strive to live every day as though it was last Wednesday.
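
The following is an added example, not part of the original message: a shell function that reports whether an inetd.conf starts sshd per connection, which is the setup the reply describes as costly. The function name `sshd_inetd_entries` and the sample file are constructed for illustration; the entry layout follows inetd.conf(5), and `-i` is the sshd(8) flag for running from inetd.

```shell
#!/bin/sh
# Added example: list active inetd.conf entries that start sshd per connection.
# inetd.conf fields: service socktype proto wait user program argv0 [args...]

# sshd_inetd_entries FILE
# Prints every uncommented entry whose program or argv0 is sshd.
# Returns 0 if any were found, 1 if none, 2 if FILE cannot be read.
sshd_inetd_entries() {
    conf=$1
    [ -r "$conf" ] || return 2
    awk '
        $1 ~ /^#/ || NF < 6 { next }           # comments, blank or short lines
        {
            prog = $6
            arg0 = (NF >= 7) ? $7 : ""
            sub(/.*\//, "", prog)              # reduce paths to basenames
            sub(/.*\//, "", arg0)
            # A tcpd-wrapped entry has tcpd as program and sshd as argv0.
            if (prog == "sshd" || arg0 == "sshd") { print; found = 1 }
        }
        END { exit(found ? 0 : 1) }
    ' "$conf"
}

# Constructed sample, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ssh  stream  tcp   nowait  root  /usr/sbin/sshd      sshd -i -4
ftp   stream  tcp   nowait  root  /usr/libexec/ftpd   ftpd -l
ssh   stream  tcp6  nowait  root  /usr/sbin/sshd      sshd -i -6
EOF
if sshd_inetd_entries "$sample"; then
    echo "sshd is launched by inetd: startup key work repeats per connection"
else
    echo "no active sshd entry in inetd.conf"
fi
rm -f "$sample"
```

An exit status of 1 means sshd is not started from that inetd.conf, so any sshd on the host runs standalone and does its startup work once.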