Message-ID: <38D07B98.53CBA3E@gorean.org>
Date: Wed, 15 Mar 2000 22:13:44 -0800
From: Doug Barton
To: Lawrence Sica
Cc: Rodrigo Campos, freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
References: <38D00906.389A9A28@interactivate.com>

Lawrence Sica wrote:

> sshd can do this within its own config file already.

True, but I've always found it more convenient to have all of my
system access limits in the same file. (Well, two files, hosts.allow
and rc.firewall, so I really don't want a third...)

> The reasons for not
> running it in inetd are pretty much the same for not wrapping it.

No, not running it out of inetd is a whole different issue. The
theory is that sshd is more reliable than inetd, and you always want to
be able to get into your system. I have always thought that the sshd
authors were a bit grandiose on that topic.. :)

Doug
--
"While the future's there for anyone to change, still you know it seems,
it would be easier sometimes to change the past"

     - Jackson Browne, "Fountain of Sorrow"