On Aug 23, 2013, at 8:45 PM, James McCoy <james...@debian.org> wrote:
>
>> On Fri, Aug 23, 2013 at 04:42:15PM -0400, John Paul Adrian Glaubitz wrote:
>> Imagine there is a vulnerability in SSH which has not been fixed
>> yet for whatever reason. Having SSH run in this situation all the
>> time would make the machine a target for possible attacks.
>
> If all I have to do is make a connection to port 22 to start the
> service, which would happen as part of an attack anyway, then there's no
> added security provided by socket activation.

True. But you could have SSH listen on a different port to avoid such an attack, couldn't you?

Also, I remember there was a 'knockd', which would open the port for SSH when you send a certain sequence of packets to the host.

Cheers,
Adrian
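
The socket-activation point from the quoted reply, as an added example that is not part of the original thread: a toy activator in Python that holds a loopback port and starts its "daemon" only when the first client connects. The class and function names are hypothetical and the banner is constructed; it shows that the port accepts connections from any client while the service is idle, and that one connection is enough to start it.

```python
import socket
import threading


class LazyService:
    """Toy socket activator (hypothetical): owns the listening socket and
    starts the 'daemon' only when the first connection arrives."""

    def __init__(self):
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.bind(("127.0.0.1", 0))  # ephemeral loopback port for the demo
        self.listener.listen(1)               # port is open although no daemon runs
        self.port = self.listener.getsockname()[1]
        self.daemon_started = False
        self.thread = threading.Thread(target=self._activate, daemon=True)
        self.thread.start()

    def _activate(self):
        # Blocks until *any* client connects; no authentication happens here.
        conn, _ = self.listener.accept()
        self.daemon_started = True            # a real activator would start the daemon here
        with conn:
            conn.sendall(b"SSH-2.0-demo\r\n")  # constructed banner from the 'daemon'
        self.listener.close()


def probe(port):
    """Connect like any remote client would and read the first line sent back."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
        with client.makefile("rb") as stream:
            return stream.readline()


def demo():
    """Return (daemon running before probe, banner received, daemon running after)."""
    service = LazyService()
    idle_state = service.daemon_started       # nothing has connected yet
    banner = probe(service.port)              # a single TCP connection...
    service.thread.join(timeout=5)
    return idle_state, banner, service.daemon_started  # ...has started the daemon


if __name__ == "__main__":
    before, banner, after = demo()
    print(f"daemon running before connect: {before}")
    print(f"banner received: {banner!r}")
    print(f"daemon running after connect: {after}")
```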