From owner-freebsd-security  Thu Jun 26 17:35:58 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id RAA22860
          for security-outgoing; Thu, 26 Jun 1997 17:35:58 -0700 (PDT)
Received: from darkwing.pacific.net.sg (darkwing.pacific.net.sg [203.120.89.89])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id RAA22855
          for <freebsd-security@FreeBSD.ORG>; Thu, 26 Jun 1997 17:35:55 -0700 (PDT)
Received: (qmail 2591 invoked by uid 100); 27 Jun 1997 00:36:01 -0000
Message-ID: <19970627083601.24101@darkwing.pacific.net.sg>
Date: Fri, 27 Jun 1997 08:36:01 +0800
From: Ng Pheng Siong <ngps@pacific.net.sg>
To: James FitzGibbon <james@nexis.net>
Cc: Nathan Dorfman <nathan@senate.org>, Jim Shankland <jas@flyingfox.com>,
        freebsd-security@FreeBSD.ORG
Subject: Re: SSHD from Inetd
References: <199706261933.PAA20854@limbo.senate.org> <Pine.BSF.3.95q.970626162953.14126A-100000@nexis.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.76e
In-Reply-To: <Pine.BSF.3.95q.970626162953.14126A-100000@nexis.net>; from James FitzGibbon on Thu, Jun 26, 1997 at 04:30:32PM -0400
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Jun 26, James FitzGibbon wrote:
> > Actually I wanted sshd to run with tcpd :) is it possible to do that
> > without inetd? Also, I have seen where sendmail was tcpd'd and HELO
> > would report a pident output! Any info on this?
> 
> sshd can be linked against libwrap and use /usr/local/etc/hosts.allow
> internally.

I've tried --with-libwrap. (Ok, it was on Solaris 2.5, ssh 1.2.17.)

Denied connections were logged, allowed ones weren't, IIRC.
Not good enough for me, so I'm running sshd out of inetd.

Venema provided a short patch on the ssh list, but it didn't 
work for me. 

I can take the performance hit, coz my sshd machine is my desktop,
and I only ever ssh in from my notebook. YMWV.

-- 
Ng Pheng Siong <ngps@pacific.net.sg> 

Fast. Secure. Cheap. Pick two.