From owner-freebsd-security Thu Jun 26 13:27:51 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id NAA10456 for security-outgoing; Thu, 26 Jun 1997 13:27:51 -0700 (PDT)
Received: from verdi.nethelp.no (verdi.nethelp.no [195.1.171.130]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id NAA10449 for ; Thu, 26 Jun 1997 13:27:45 -0700 (PDT)
From: sthaug@nethelp.no
Received: (qmail 4733 invoked by uid 1001); 26 Jun 1997 20:27:19 +0000 (GMT)
To: jas@flyingfox.com
Cc: freebsd-security@FreeBSD.ORG, nathan@senate.org
Subject: Re: SSHD from Inetd
In-Reply-To: Your message of "Thu, 26 Jun 1997 12:31:08 -0700 (PDT)"
References: <199706261931.MAA00269@biggusdiskus.flyingfox.com>
X-Mailer: Mew version 1.05+ on Emacs 19.28.2
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Date: Thu, 26 Jun 1997 22:27:19 +0200
Message-ID: <4731.867356839@verdi.nethelp.no>
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> Or you can do what we've done on some of our machines, and turn off inetd,
> leaving *only* sshd running. Who needs legacy protocols like telnet and
> ftp when you've got sshd? (Tongue partly in cheek here; but only partly.
> This really does work well in some environments.)

You're not the only one. We have some machines here with only ssh login,
and the only thing run out of inetd is the qmail smtpd.

I've been wishing for a few more knobs for just such situations - for
instance a knob to control whether portmap is started or not. I normally
turn off portmap - because I have no use for it, and because portmap has
traditionally had security holes. (I'm confident that the FreeBSD portmap
is better than the old SunOS 4.1.x portmap in this regard, but it could
still have security holes.)

Steinar Haug, Nethelp consulting, sthaug@nethelp.no