On Wed, 11 Nov 2015, Dag-Erling Sm?rgrav wrote:
I want to keep tcpwrapper support - it is another reason why I still
haven't upgraded OpenSSH, but to the best of my knowledge, it is far
less intrusive than HPN.

There's also inetd's tcpwrapper support if you call sshd from inetd for
D/DOS protection.  Inetd and its rate-limiting flags are strongly
recommended for security-minded systems.

Starting sshd from rc.d should never have been made the default, IMO, as
keygen delays are rarely relevant and weren't even back in the days of
300MHz CPUs (18 years ago).  The only reason inetd is not more widely
used today is that many sysadmins aren't familiar with it.

Roger Marquis
freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to