Date: Sat, 12 Sep 1998 01:33:09 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Cc: Roger Marquis <marquis@roble.com>, freebsd-security@FreeBSD.ORG
Subject: Re: sshd
Message-ID: <Pine.BSF.3.96.980912013100.11752A-100000@fledge.watson.org>
In-Reply-To: <23352.905573432@time.cdrom.com>

On Fri, 11 Sep 1998, Jordan K. Hubbard wrote:

> > The recommended sshd startup method used to be /etc/rc*(/*), probably
> > for historical reasons. It may still be a good idea on slow CPUs,
> > where it can take a while to generate a session key, or where
> > inetd.conf isn't running, however, in my experience, sshd is much more
> > reliably run from inetd.
>
> I haven't had that experience myself, so I guess it's one of those
> different strokes kinda issues.

The one funny thing I've experienced with sshd (+kerberosIV/AFS patches)
is that every hour during key regeneration, no one can log in.
Connections are accepted via TCP, and the SSH version number banner is
passed back, but no logins are allowed during the key generation (users
get a login refused of some kind). (I believe that is the event that
results in this effect.)

Running it from inetd might improve that arrangement, but on my slower
machines the key generation time from running it out of inetd would
really suck. :)

I keep meaning to track this down but haven't yet.

  Robert N Watson

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message