Date:      Sat, 12 Sep 1998 19:59:58 -0700 (PDT)
From:      Roger Marquis <marquis@roble.com>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: sshd
Message-ID:  <Pine.SUN.3.96.980912195112.21513A-100000@roble.com>
In-Reply-To: <xzpbtokesgh.fsf@hvergelmir.ifi.uio.no>

If you're running inetd then it doesn't seem consistent to start
daemons that don't need to run all the time from startup scripts.
Inetd was designed to conserve memory.  If you have it why not use it?
/etc/inetd.conf is also a common place to implement access control (via
tcp_wrappers).

Other than that I've frequently run into situations where keepalives
had to be turned off.  In those cases ssh sessions invariably die and
their daemons have to be killed off by hand (kill <PID>).  As it is
difficult to tell the original daemon from the child daemons it's also
easy to accidentally kill the parent.  If ssh is the only access you're
locked out.  Easier and more consistent to use inetd where it's
available, IMHO and YMMV.

Roger Marquis
Roble Systems Consulting
http://www.roble.com/

On 13 Sep 1998, Dag-Erling Coïdan Smørgrav wrote:
> "Much more reliable"? What's more reliable than 100%? Have you ever
> experienced any problems running sshd from /usr/local/etc/rc.d/? I
> haven't, and *all* boxes I control rely entirely on ssh for remote
> access, and have inetd disabled.

