From owner-freebsd-stable@freebsd.org Wed Sep 23 10:19:14 2015 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C130FA06355 for ; Wed, 23 Sep 2015 10:19:14 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id AA0D2198E for ; Wed, 23 Sep 2015 10:19:14 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: by mailman.ysv.freebsd.org (Postfix) id A6EDBA06353; Wed, 23 Sep 2015 10:19:14 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A6869A06352 for ; Wed, 23 Sep 2015 10:19:14 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 67E90198A for ; Wed, 23 Sep 2015 10:19:13 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (localhost [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 5FB072842E; Wed, 23 Sep 2015 12:11:07 +0200 (CEST) Received: from illbsd.quip.test (ip-89-177-49-111.net.upcbroadband.cz [89.177.49.111]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 270EE2840C; Wed, 23 Sep 2015 12:11:05 +0200 (CEST) Message-ID: <56027AB8.9080301@quip.cz> Date: Wed, 23 Sep 2015 12:11:04 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:35.0) Gecko/20100101 Firefox/35.0 SeaMonkey/2.32 MIME-Version: 1.0 To: "Eugene M. Zheganin" , stable@freebsd.org Subject: Re: when the sshd hits the fan References: <56026686.8030308@norma.perm.ru> In-Reply-To: <56026686.8030308@norma.perm.ru> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Sep 2015 10:19:14 -0000 Eugene M. Zheganin wrote on 09/23/2015 10:44: > Hi. > > I'm trying to understand why the sshd still starts after local daemons, > out-of-the-box, and what it takes to make this extremely vital service > to start before non-system (local) ones. I bet I'm not the first one to > ask, so why isn't this already done ? Seems quite easy for me. I was thinking about this a long time ago and instead of trying to change FreeBSD, I just added one simple file on each of our servers: ~/> cat /usr/local/etc/rc.d/sshd_reorder #!/bin/sh # PROVIDE: sshd_reorder # REQUIRE: LOGIN sshd ## this file is just to start sshd earlier on the boot ## mainly before long starting processes like jails, mysql, apache etc. ## ## place this file in to /usr/local/etc/rc.d/sshd_reorder ## and make it executable chmod 0555 /usr/local/etc/rc.d/sshd_reorder It is not perfect, because some services are still started before sshd. Miroslav Lachman