On Sun, 9 Jan 2000, Gordon Messmer wrote:
> Since sshd supports tcp_wrappers itself, I don't see any advantage to
> running sshd from inetd (with tcpd).

The benefits are:

  * You can take advantage of advanced features of inetd, such as
    custom logging and process limits.

  * You aren't vulnerable to attacks from untrusted hosts. The
    recent exploit against ssh with RSAREF would be much harder to exploit if
    port 22 doesn't even connect to ssh until AFTER inetd authorizes and logs
    the connection.

A fast computer only takes a few seconds to spawn ssh from inetd. While
this would be impractical on a heavily-used server with dozens or hundreds
of ssh connections, it works well for administrative purposes. Your
mileage may vary, of course.

--
Todd A. Jacobs
Network Systems Engineer
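
The setup described in the message above, sketched as an added example that is not part of the original post: inetd owns port 22 and hands each connection to tcpd, which checks and logs it before sshd is started. The binary paths and the 192.0.2.0/24 admin network are assumptions; adjust them for the local system.

```conf
# /etc/inetd.conf
# inetd listens on the "ssh" service (22/tcp in /etc/services) and runs
# tcpd for each connection. tcpd starts sshd only if the client passes the
# access check. "-i" tells sshd it is being run from inetd.
# (Paths are assumed; no standalone sshd may be listening on port 22.)
ssh  stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/sshd -i

# /etc/hosts.allow
# Checked first. The daemon name is the process name tcpd was given (sshd).
# 192.0.2.0/255.255.255.0 is a constructed example admin network.
sshd: 192.0.2.0/255.255.255.0

# /etc/hosts.deny
# Checked only when nothing in hosts.allow matched. Everything else is
# refused, so sshd never runs for hosts outside the admin network.
ALL: ALL
```

tcpd reports accepted and refused connections through syslog, and inetd has to be told to re-read its configuration (normally with SIGHUP) after inetd.conf changes.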