From owner-freebsd-security  Thu Jun 26 12:31:48 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id MAA07331
          for security-outgoing; Thu, 26 Jun 1997 12:31:48 -0700 (PDT)
Received: from biggusdiskus.flyingfox.com (biggusdiskus.flyingfox.com [206.14.52.27])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA07326
          for <freebsd-security@FreeBSD.ORG>; Thu, 26 Jun 1997 12:31:46 -0700 (PDT)
Received: (from jas@localhost)
	by biggusdiskus.flyingfox.com (8.8.5/8.8.5) id MAA00269;
	Thu, 26 Jun 1997 12:31:08 -0700 (PDT)
Date: Thu, 26 Jun 1997 12:31:08 -0700 (PDT)
From: Jim Shankland <jas@flyingfox.com>
Message-Id: <199706261931.MAA00269@biggusdiskus.flyingfox.com>
To: freebsd-security@FreeBSD.ORG, nathan@senate.org
Subject: Re: SSHD from Inetd
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Firing up sshd from inetd is a bad idea, as sshd does non-trivial key
generation work on startup.  It really wants to start up once, then fork
for each incoming connection.

Or you can do what we've done on some of our machines, and turn off inetd,
leaving *only* sshd running.  Who needs legacy protocols like telnet and
ftp when you've got sshd?  (Tongue partly in cheek here; but only partly.
This really does work well in some environments.)

Jim Shankland
Flying Fox Computer Systems, Inc.