Date: Tue, 15 Jan 2013 15:01:20 +0200
From: Volodymyr Kostyrko <c.kworr@gmail.com>
To: Frank Staals <frank@fstaals.net>
Cc: Erich Dollansky <erichsfreebsdlist@alogt.com>, Matthias Apitz <guru@unixarea.de>, "questions@FreeBSD.org" <questions@FreeBSD.org>, Mannase Nyathi <mannase@cipherwave.co.za>
Subject: Re: SSH on FreeBSD
Message-ID: <50F55320.5030703@gmail.com>
In-Reply-To: <87wqvefw78.fsf@Shanna.FStaals.net>
References: <sbmp-dontrebrand-1Tv3TH-0001qu-44-mannase@cipherwave.co.za> <64344677AECE934682A4243703F508681E09737D@CW-EXCH01.cipherwave.local> <20130115174536.78ecf7e3@X220.ovitrap.com> <20130115105006.GA2291@tiny.Sisis.de> <50F54E40.9090406@gmail.com> <87wqvefw78.fsf@Shanna.FStaals.net>

15.01.2013 14:48, Frank Staals:
> Volodymyr Kostyrko <c.kworr@gmail.com> writes:
>
>> <snip>
>> In FreeBSD there are two ways of enabling sshd: default, fast and easy through
>> rc.conf and a bit tricky and secure via inetd.conf. Everyone can select their
>> own poison. I personally prefer the latter one.
>
> You seem to imply that enabling sshd through inetd is more secure than
> directly through rc.conf. Care to elaborate on that?

* there's no central process to target with attacks;
* SSHv1 server key is regenerated every time a new connection is created;
* with inetd you can force max connections per minute rate or max connections per IP.

-- 
Sphinx of black quartz, judge my vow.
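
The per-service connection limits mentioned in the last point live in the fourth field of a FreeBSD inetd.conf entry. The script below is an added example, not part of the original message: it audits which entries for a service actually carry those limits. The sample entries, the limit values 10/6/3 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in FreeBSD inetd.conf(5) syntax; the limit values are illustrative.
# Field 4: {wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
sample_inetd_conf() {
cat <<'EOF'
ssh   stream  tcp   nowait/10/6/3  root  /usr/sbin/sshd  sshd -i -4
ssh   stream  tcp6  nowait         root  /usr/sbin/sshd  sshd -i -6
#ftp  stream  tcp   nowait         root  /usr/libexec/ftpd  ftpd -l
EOF
}

# inetd_limits SERVICE < inetd.conf  (hypothetical helper)
# Prints one line per active entry; "unset" means the entry inherits inetd's
# global defaults (its -c, -C and -s flags) instead of carrying its own limit.
inetd_limits() {
    awk -v svc="$1" '
        function lim(f, n, i) { return (n >= i && f[i] != "") ? f[i] : "unset" }
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        $1 == svc {
            n = split($4, f, "/")
            printf "%s max-child=%s per-ip-per-min=%s max-child-per-ip=%s\n",
                $3, lim(f, n, 2), lim(f, n, 3), lim(f, n, 4)
        }'
}

# check_rate_limited SERVICE < inetd.conf  (hypothetical helper)
# Succeeds only if every active entry for SERVICE sets a per-IP rate limit.
check_rate_limited() {
    ! inetd_limits "$1" | grep 'per-ip-per-min=unset' >/dev/null
}

sample_inetd_conf | inetd_limits ssh
sample_inetd_conf | check_rate_limited ssh || echo "ssh: an entry has no per-IP rate limit"
```

In the sample, the IPv4 entry is limited while the IPv6 entry is not, which is the kind of gap this check is meant to surface.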