Date: Fri, 12 May 2006 13:07:22 -0500
From: Eric Schuele <e.schuele@computer.org>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Pros and Cons of running under inetd....
Message-ID: <4464CEDA.80906@computer.org>
In-Reply-To: <20060512171515.GC34035@catflap.slightlystrange.org>
References: <4464B95D.1040702@computer.org> <20060512171515.GC34035@catflap.slightlystrange.org>

Daniel Bye wrote:
> On Fri, May 12, 2006 at 11:35:41AM -0500, Eric Schuele wrote:
>> Hello,
>>
>> I run sshd and ftpd on my laptop.  I generally start them via:
>>    sshd_enable="YES"
>>    ftpd_enable="YES"
>> in my rc.conf.
>>
>> What are the pros/cons of running them via inetd?
>>
>> This is in no way a high load or production machine.  Just my laptop
>> that I need access to from time to time.
>>
>> The one pro I have noticed (which is rather important to me) is that
>> ftpd does not heed hosts.allow directives when NOT run via inetd.  Am I
>> correct in this?  I prefer to use tcpwrappers to further protect my sshd
>> and ftpd.  I generally keep ftpd firewalled off from the world and when
>> someone needs to (anonymous) ftp something to me I open the firewall.
>> But it would be nice to allow only their IP using hosts.allow (as I just
>> enable/disable a generic ruleset in ipfw).  So should I forget to
>> disable the ruleset in ipfw then I am not open all day till I reboot.
>

Thanks for the response.

> When sshd starts, it needs to generate keys and set up its cryptographic
> environment, so you will notice a bit of lag before getting a login
> prompt.  This may or may not mean anything to you, depending on how
> beefy your laptop is.
>
> Check man sshd for the -i option.
>
> sshd should, by default, be compiled with tcpwrappers support anyway.
> You can test whether this is the case by putting something like this at
> the top of your hosts.allow:
>
> sshd : 127.0.0.1 : deny
>
> and then try connecting on the loopback interface.  If you see `refused
> connect from localhost' in your /var/log/auth.log, then your sshd uses
> hosts.allow and running it from inetd won't give you any benefit.
>

Actually I have sshd under control.  It works fine, and yes uses tcpwrappers by default.

> I don't know about ftpd, as I don't use it.

ftpd however does not seem to use them.

>
> Dan
>

Although I am curious about ftpd and tcpwrappers....

I am also interested in whether or not running these daemons under inetd is preferred or not.  If so why?  If not, why?

-- 
Regards,
Eric
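
Added example, not part of the original message: a small shell helper for reading the result of the hosts.allow deny test quoted above, by counting `refused connect from` entries per daemon in an auth log. The function names and the sample log lines are constructed for illustration; the syslog line layout is an assumption based on the message text quoted in the thread.

```shell
#!/bin/sh
# Reads a syslog-style auth log and reports which daemons logged the
# tcpwrappers refusal "refused connect from <client>".

# sample_log: constructed log lines (not real output) for trying the helper.
sample_log() {
    cat <<'EOF'
May 12 13:01:02 laptop sshd[812]: refused connect from localhost (127.0.0.1)
May 12 13:01:40 laptop sshd[815]: refused connect from localhost (127.0.0.1)
May 12 13:02:10 laptop ftpd[820]: connection from localhost (127.0.0.1)
EOF
}

# wrap_refusals LOGFILE
# Prints one "daemon client count" line per (daemon, client) pair refused.
wrap_refusals() {
    awk '
    {
        for (i = 2; i <= NF - 3; i++) {
            if ($i == "refused" && $(i+1) == "connect" && $(i+2) == "from") {
                tag = $(i-1)                  # syslog tag, e.g. "sshd[812]:"
                sub(/\[[0-9]+\]:$/, "", tag)  # strip "[pid]:"
                sub(/:$/, "", tag)            # or a bare trailing colon
                seen[tag " " $(i+3)]++
            }
        }
    }
    END { for (k in seen) print k, seen[k] }' "$1" | sort
}

# honours_wrappers LOGFILE DAEMON
# Exit 0 if DAEMON logged at least one refusal, 1 otherwise. A result of 1
# only means something if a connection was attempted while the deny rule
# for that daemon was at the top of hosts.allow.
honours_wrappers() {
    wrap_refusals "$1" |
        awk -v d="$2" '$1 == d { found = 1 } END { exit !found }'
}
```

On a real system the log argument would be /var/log/auth.log, for example `honours_wrappers /var/log/auth.log ftpd`, run after attempting a connection with the deny rule in place.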