There is at least one other situation where it does make sense to run sshd
under inetd, besides the one you mentioned.
That is where the box is in a location far away (physically) and you want
to make sure that if the (OS) network layer works, you can access it via
ssh.
I am in such a situation now. I have a server in a cabinet at an ISP far away.
Their staff rebooted my box without permission (I am moving the box soon),
and it did not come up correctly. I don't know what the exact problem is,
since I can't ssh in. However, it is "up enough" that ftp and web work.
But since sshd is started late in rc.local instead of using inetd, I can't
log in! Grrrr. It probably is hung somewhere in rc.local.
I am going to change sshd on that box to use inetd. There is no one else
logging in to it, and I rarely do except for problems (it's working, I
don't mess with it).
Tin Le
----
http://tin.le.org
Internet Security and Firewall Consulting
Tin Le - [EMAIL PROTECTED]
On Mon, 19 Jun 2000, Rick Moen wrote:
> begin Armand Welsh quotation:
> > I don't know the specifics on why it's started this way, but I do know that
> > my ssh daemon reads the hosts.allow and hosts.deny files, and bases its
> > security off of these. So that may be the reason.
> Nope. That goal can be accomplished by compiling sshd with libwrap, and
> not running it under inetd.
> I can't think of any situation where it's beneficial to run sshd under
> inetd, except for extreme RAM shortages (which suggest an obvious and
> different cure). I'd say somebody made an error.