From owner-freebsd-security Wed Mar 15 14: 5:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.rdc1.sdca.home.com (ha1.rdc1.sdca.home.com [24.0.3.66]) by hub.freebsd.org (Postfix) with ESMTP id 4E31837C269 for ; Wed, 15 Mar 2000 14:04:49 -0800 (PST) (envelope-from larry@interactivate.com) Received: from interactivate.com ([24.15.133.36]) by mail.rdc1.sdca.home.com (InterMail v4.01.01.00 201-229-111) with ESMTP id <20000315220448.KYDS14303.mail.rdc1.sdca.home.com@interactivate.com>; Wed, 15 Mar 2000 14:04:48 -0800 Message-ID: <38D00906.389A9A28@interactivate.com> Date: Wed, 15 Mar 2000 14:04:54 -0800 From: Lawrence Sica Organization: Interactivate, Inc X-Mailer: Mozilla 4.72 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Rodrigo Campos Cc: freebsd-security@FreeBSD.ORG Subject: Re: wrapping sshd References: Content-Type: multipart/mixed; boundary="------------F37E95190F171FB493FFD703" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. --------------F37E95190F171FB493FFD703 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Rodrigo Campos wrote: > On Wed, 15 Mar 2000, Sheldon Hearn wrote: > > > > > > > On Wed, 15 Mar 2000 16:29:48 -0300, Rodrigo Campos wrote: > > > > > In the /etc/hosts.allow file there's a comment saying that "is not > > > normally a good idea" to wrapp sshd(8) > > > > The answer has nothing to do with secrurity, although you couldn't have > > known that without reading the sshd(8) manual page. :-) > > > > Look for the first occurance of the word inetd in the sshd(8) manual > > page. > > But my question has nothing to do with inetd, by "wrapping sshd" I mean > compiling it with support to libwrap, wich would make it read the > /etc/hosts.allow file in order to grant or deny access based on the > client hostname or ip address, even when it's running as a daemon. > sshd can do this within it's own config file already. The reasons for not running it in inetd are pretty much the same for not wrapping it. --Larry > > -- > ________________________ > Rodrigo Albani de Campos > Matrix Internet - NOC > http://www.br-unix.org/users/campos/ > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message --------------F37E95190F171FB493FFD703 Content-Type: text/x-vcard; charset=us-ascii; name="larry.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Lawrence Sica Content-Disposition: attachment; filename="larry.vcf" begin:vcard n:Sica;Lawrence tel;fax:858-793-4069 tel;work:858-793-4060 x-mozilla-html:FALSE url:http://www.interactivate.com org:Interactivate, Inc. adr:;;2244b Carmel Valley Rd;Del Mar;CA;92014;USA version:2.1 email;internet:larry@interactivate.com title:Systems Adminstrator fn:Lawrence Sica end:vcard --------------F37E95190F171FB493FFD703-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message