Date:      Mon, 14 Sep 1998 19:05:57 +0200
From:      sthaug@nethelp.no
To:        marquis@roble.com
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: sshd
Message-ID:  <4809.905792757@verdi.nethelp.no>
In-Reply-To: Your message of "Mon, 14 Sep 1998 09:02:30 -0700 (PDT)"
References:  <Pine.SUN.3.96.980914085125.27468B-100000@roble.com>

> The real issue, it seems to me, is consistency.  If ftp, telnet, rsh,
> rlogin, etc. run from inetd then sshd should also.  The original reason it
> wasn't is the key generation delay, which isn't an issue on anything
> faster than a 486/25.

That may be the real issue for you - not necessarily for everybody. Also,
the key generation delay is certainly measurable. Running "ssh host date"
between two P-166 machines:

- sshd running as daemon: 1 - 1.2 seconds
- sshd running from inetd: 4 - 5 seconds

That difference may not be significant for a long term login session, but
could easily be significant for rsh type use.

Myself, I have turned off most services in /etc/inetd.conf. The fewer
services that run, the fewer possible holes. I *definitely* don't run rsh
and rlogin. For high security situations I recommend against using the
standard inetd - better to use for instance Marcus Ranum's mini-inetd
(79 lines) where you can more easily convince yourself that the code does
what you want.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
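
An added example, not part of the original message: one way to check how much is still enabled in /etc/inetd.conf, flagging the rsh and rlogin entries the message rules out. It assumes the classic whitespace-separated inetd.conf layout; the sample file contents are constructed, and the function names are this example's own.

```python
import sys

# inetd service names for rsh and rlogin, as listed in /etc/services.
R_COMMANDS = {"shell": "rsh", "login": "rlogin"}

# Constructed sample: service socktype proto wait/nowait user server args...
SAMPLE = """\
# constructed sample, not taken from a real host
ftp     stream  tcp  nowait  root  /usr/libexec/ftpd     ftpd -l
#telnet stream  tcp  nowait  root  /usr/libexec/telnetd  telnetd
shell   stream  tcp  nowait  root  /usr/libexec/rshd     rshd
login   stream  tcp  nowait  root  /usr/libexec/rlogind  rlogind
#ntalk  dgram   udp  wait    tty:tty /usr/libexec/ntalkd ntalkd
daytime stream  tcp  nowait  root  internal
"""


def enabled_services(text):
    """Parse inetd.conf text; return one dict per enabled (uncommented) entry."""
    found = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or a service that is turned off
        fields = line.split()
        if len(fields) < 6:
            continue  # too short to be a service entry
        name, _socktype, proto, _wait, user, server = fields[:6]
        found.append({
            "line": lineno, "name": name, "proto": proto, "user": user,
            "server": server,
            "r_command": R_COMMANDS.get(name),  # None unless rsh/rlogin
        })
    return found


def r_commands_enabled(text):
    """Return (line, command) pairs for rsh/rlogin entries still enabled."""
    return [(s["line"], s["r_command"])
            for s in enabled_services(text) if s["r_command"]]


if __name__ == "__main__":
    # Audit the file named on the command line, or the sample if none given.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for s in enabled_services(text):
        mark = "  <-- " + s["r_command"] if s["r_command"] else ""
        print(f'{s["line"]:4} {s["name"]:10} {s["proto"]:4} {s["user"]:8} {s["server"]}{mark}')
    sys.exit(1 if r_commands_enabled(text) else 0)
```

The exit status is non-zero while rsh or rlogin is still enabled, so the check can run from cron or a configuration-management hook.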
