Date: Fri, 17 Mar 2000 09:52:18 -0500 From: James FitzGibbon <james@targetnet.com> To: Rodrigo Campos <camposr@MATRIX.COM.BR> Cc: Sheldon Hearn <sheldonh@uunet.co.za>, freebsd-security@freebsd.org Subject: Re: wrapping sshd Message-ID: <20000317095218.D41950@targetnet.com> In-Reply-To: <Pine.BSF.4.21.0003151730240.11873-100000@speed.matrix.com.br> References: <59327.953151264@axl.ops.uunet.co.za> <Pine.BSF.4.21.0003151730240.11873-100000@speed.matrix.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
* Rodrigo Campos (camposr@MATRIX.COM.BR) [000315 16:58]: > > The answer has nothing to do with secrurity, although you couldn't have > > known that without reading the sshd(8) manual page. :-) > > > > Look for the first occurance of the word inetd in the sshd(8) manual > > page. > > But my question has nothing to do with inetd, by "wrapping sshd" I mean > compiling it with support to libwrap, wich would make it read the > /etc/hosts.allow file in order to grant or deny access based on the > client hostname or ip address, even when it's running as a daemon. I agree with you on this one; the comment should be in /etc/inetd.conf and changed to reference the downside of having sshd running from inetd. The ports Makefile for the original datafellows sshd has the commment: # # Maximal ssh package requires YES values for # USE_PERL, USE_TCPWRAP # and I have always compiled my copy of sshd linked with libwrap for this reason. -- j. James FitzGibbon james@targetnet.com Targetnet.com Inc. Voice/Fax +1 416 306-0466/0452 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000317095218.D41950>