Date: Sat, 12 Sep 1998 19:59:58 -0700 (PDT) From: Roger Marquis <marquis@roble.com> To: freebsd-security@FreeBSD.ORG Subject: Re: sshd Message-ID: <Pine.SUN.3.96.980912195112.21513A-100000@roble.com> In-Reply-To: <xzpbtokesgh.fsf@hvergelmir.ifi.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
If you're running inetd then it doesn't seem consistent to start daemons that don't need to run all the time from startup scripts. Inetd was designed to conserve memory. If you have it why not use it? /etc/inetd.conf is also a common place to implement access control (via tcp_wrappers). Other than that I've frequently run into situations where keepalives had to be turned off. In those cases ssh sessions invariably die and their daemons have to be killed-off by hand (kill <PID>). As it is difficult to tell the original daemon from the child daemons it's also easy to accidentally kill the parent. If ssh is the only access you're locked-out. Easier and more consistent to use inetd where it's available, IMHO and YMMV. Roger Marquis Roble Systems Consulting http://www.roble.com/ On 13 Sep 1998, Dag-Erling [iso-8859-1] Coïdan[iso-8859-1] Smørgrav wrote: > "Much more reliable"? What's more reliable than 100%? Have you ever > experienced any problems running sshd from /usr/local/etc/rc.d/? I > haven't, and *all* boxes I control rely entirely on ssh for remote > access, and have inetd disabled. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.3.96.980912195112.21513A-100000>