Date: Fri, 19 Sep 2003 01:19:51 +0100
From: Bruce M Simpson <bms@spc.org>
To: Avleen Vig <lists-freebsd@silverwraith.com>
Cc: Roger Marquis <marquis@roble.com>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh
Message-ID: <20030919001951.GD2720@saboteur.dek.spc.org>
In-Reply-To: <20030918231811.GE527@silverwraith.com>
References: <20030918192135.744AADACAF@mx7.roble.com> <20030918231811.GE527@silverwraith.com>
On Thu, Sep 18, 2003 at 04:18:11PM -0700, Avleen Vig wrote:
> On Thu, Sep 18, 2003 at 12:21:35PM -0700, Roger Marquis wrote:
> > Why FreeBSD's default installation still uses a legacy stand-alone
> > ssh daemon is a question many systems administrators are asking.
>
> I'm certainly not one of those systems administrators.
> I manage > 700 systems on a daily basis (not alone, obviously, and not
> all FreeBSD).
> I don't want one service (ssh) being dependent on another service
> (inetd).

This is bad system design. When you run out of inetd to service a single connection, you have to generate a new ephemeral key for every ssh instance. This is a needless waste of precious entropy from /dev/random.

I think running sshd out of inetd is a very bad idea indeed, unless Mr Marquis is willing to stay in my datacenter and hammer the keys like a monkey all day, but even then that might be a poor source of entropy.

BMS
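The configuration choice argued over above (sshd spawned per connection by inetd versus a standalone daemon) is easy to audit from the inetd side. The following script is an added example, not code from the thread or from FreeBSD: it parses the classic inetd.conf line layout (service, socket type, protocol, wait/nowait, user, program, arguments), reports any active entry that launches sshd, and notes whether the `-i` flag inetd mode requires is present. The sample file it reads is constructed here for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for sshd entries, i.e. the
# per-connection mode discussed in the thread. Assumes the classic
# inetd.conf column layout; the path to the file is the first argument.

# Print each active (uncommented) inetd line whose program is sshd.
# Returns 0 if at least one such entry exists, 1 otherwise.
sshd_from_inetd() {
    awk '
        /^[[:space:]]*#/ { next }      # comment line, ignore
        NF < 6           { next }      # too short to be a service line
        $6 ~ /(^|\/)sshd$/ {
            found = 1
            mode = "missing -i (sshd will not serve the inherited socket)"
            for (i = 7; i <= NF; i++) if ($i == "-i") mode = "inetd mode (-i)"
            printf "%s:%d: service %s -> %s\n", FILENAME, FNR, $1, mode
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Constructed sample inetd.conf, not a real system file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ftp    stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
ssh     stream  tcp     nowait  root    /usr/sbin/sshd          sshd -i
#ssh    stream  tcp     nowait  root    /usr/sbin/sshd          sshd -i
EOF

if sshd_from_inetd "$sample"; then
    echo "sshd is spawned per connection by inetd (a fresh sshd process, and ephemeral key, per connection)"
else
    echo "no active sshd entry in inetd.conf"
fi
rm -f "$sample"
```

Run it against /etc/inetd.conf on a host to see which mode is configured; a standalone daemon started from rc.conf leaves no active sshd line in inetd.conf, so the function returns 1 in that case.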