On 12-Feb-99 Simon Burge wrote:
> George McConnell wrote:
>
>> does anyone have any thoughts on whether sshd should be run from inetd.conf
>> of as a stand alone server?
>
> One idea I saw here and now use to to run _both_. I run ssh in
> standalone mode listening on port 22 as per normal, and out of inetd on
> another port just in case the standalone one dies. This is for piece
> of mind - I've never actually had the standalone die yet, but I sleep
> better at night...
Another reason to run ssh from inetd is security. sshd in daemon-mode does not
control the number of simultaneous connections he has. That means that someone
can just open sockets to port 22 on your machine and sshd will hapilly fork
process until the machine dies or slow's to a crawl.
We are using it via tcpserver (from djb deamontools) from where
we can control access (like tcpwrappers) and simultaneous connections. Much
better.
Melo
---
Pedro Melo [EMAIL PROTECTED]
IP - Engenharia http://ip.pt/
Tel: +351-1-3166740 Av. Duque de Avila, 23
Fax: +351-1-3166701 1049-071 LISBOA - PORTUGAL
Linux: up 22 days and 10:43, 6 users, load average: 0.09, 0.44, 0.48
