From owner-freebsd-security Sat Sep 12 20:00:20 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA11696 for freebsd-security-outgoing; Sat, 12 Sep 1998 20:00:20 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from roble.com (roble.com [207.5.40.50]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA11691 for ; Sat, 12 Sep 1998 20:00:18 -0700 (PDT) (envelope-from sendmail@roble.com) Received: from localhost (localhost [127.0.0.1]) by roble.com (Roble) with SMTP id TAA21632 for ; Sat, 12 Sep 1998 19:59:58 -0700 (PDT) Date: Sat, 12 Sep 1998 19:59:58 -0700 (PDT) From: Roger Marquis To: freebsd-security@FreeBSD.ORG Subject: Re: sshd In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by hub.freebsd.org id UAA11692 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org If you're running inetd then it doesn't seem consistent to start daemons that don't need to run all the time from startup scripts. Inetd was designed to conserve memory. If you have it why not use it? /etc/inetd.conf is also a common place to implement access control (via tcp_wrappers). Other than that I've frequently run into situations where keepalives had to be turned off. In those cases ssh sessions invariably die and their daemons have to be killed-off by hand (kill ). As it is difficult to tell the original daemon from the child daemons it's also easy to accidentally kill the parent. If ssh is the only access you're locked-out. Easier and more consistent to use inetd where it's available, IMHO and YMMV. Roger Marquis Roble Systems Consulting http://www.roble.com/ On 13 Sep 1998, Dag-Erling [iso-8859-1] Coïdan[iso-8859-1] Smørgrav wrote: > "Much more reliable"? What's more reliable than 100%? Have you ever > experienced any problems running sshd from /usr/local/etc/rc.d/? I > haven't, and *all* boxes I control rely entirely on ssh for remote > access, and have inetd disabled. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message