From owner-freebsd-security Wed Mar 15 22:15:31 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.rdc1.sdca.home.com (ha1.rdc1.sdca.home.com [24.0.3.66]) by hub.freebsd.org (Postfix) with ESMTP id 1639337BD8E for ; Wed, 15 Mar 2000 22:15:28 -0800 (PST) (envelope-from larry@interactivate.com) Received: from interactivate.com ([24.15.133.36]) by mail.rdc1.sdca.home.com (InterMail v4.01.01.00 201-229-111) with ESMTP id <20000316061527.XGDV14303.mail.rdc1.sdca.home.com@interactivate.com>; Wed, 15 Mar 2000 22:15:27 -0800 Message-ID: <38D07C08.28FB5CF7@interactivate.com> Date: Wed, 15 Mar 2000 22:15:36 -0800 From: Lawrence Sica Organization: Interactivate, Inc X-Mailer: Mozilla 4.72 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Doug Barton Cc: Rodrigo Campos , freebsd-security@FreeBSD.ORG Subject: Re: wrapping sshd References: <38D00906.389A9A28@interactivate.com> <38D07B98.53CBA3E@gorean.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Doug Barton wrote: > Lawrence Sica wrote: > > > sshd can do this within it's own config file already. > > True, but I've always found it more convenient to have all of my system > access limits in the same file. (Well, two files, hosts.allow and > rc.firewall, so I really don't want a third...) > > > The reasons for not > > running it in inetd are pretty much the same for not wrapping it. > > No, not running it out of inetd is a whole different issue. The theory > is that sshd is more reliable than inetd, and you always want to be able > to get into your system. I have always thought that the sshd authors > were a bit grandiose on that topic.. :) > Ahh i was led to believe it was due to the fact it needs to generate a key and all the fun stuff associated with it. Didn;t know that the big ego theory applied there heh. --Larry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message