On Fri, May 12, 2006 at 11:35:41AM -0500, Eric Schuele wrote:
> Hello,
>
> I run sshd and ftpd on my laptop. I generally start them via:
> sshd_enable="YES"
> ftpd_enable="YES"
> in my rc.conf.
>
> What are the pros/cons of running them via inetd?
>
> This is in no way a high load or production machine. Just my laptop
> that I need access to from time to time.
>
> The one pro I have noticed (which is rather important to me) is that
> ftpd does not heed hosts.allow directives when NOT run via inetd. Am I
> correct in this? I prefer to use tcpwrappers to further protect my sshd
> and ftpd. I generally keep ftpd firewalled off from the world and when
> someone needs to (anonymous) ftp something to me I open the firewall.
> But it would be nice to allow only their IP using hosts.allow (as I just
> enable/disable a generic ruleset in ipfw). So should I forget to
> disable the ruleset in ipfw then I am not open all day till I reboot.
When sshd starts, it needs to generate keys and set up its cryptographic
environment, so you will notice a bit of lag before getting a login prompt.
This may or may not mean anything to you, depending on how beefy your laptop
is. Check man sshd for the -i option.

sshd should, by default, be compiled with tcpwrappers support anyway. You can
test whether this is the case by putting something like this at the top of
your hosts.allow:

    sshd : 127.0.0.1 : deny

and then try connecting on the loopback interface. If you see `refused connect
from localhost' in your /var/log/auth.log, then your sshd uses hosts.allow and
running it from inetd won't give you any benefit.

I don't know about ftpd, as I don't use it.

Dan

-- 
Daniel Bye

PGP Key: http://www.slightlystrange.org/pgpkey-dan.asc
PGP Key fingerprint: D349 B109 0EB8 2554 4D75 B79A 8B17 F97C 1622 166A
                                                                          _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
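The thread turns on two things: how hosts.allow rules are evaluated (first
matching rule wins, a "deny" option refuses, anything unmatched is allowed)
and how to confirm from auth.log that a daemon is actually consulting them.
The script below is an added example, not code from this thread or from
tcp_wrappers itself. It models a subset of the hosts_access(5) rule syntax
(ALL, exact IPv4 address, dotted prefix, net/mask pair; no hostnames, EXCEPT
lists or LOCAL) so that a ruleset like the one Eric describes can be checked
offline, and it scans constructed auth.log lines for the "refused connect
from" message Dan says to look for. The sample hosts.allow and log lines are
constructed for the example.

```python
"""Evaluate a subset of FreeBSD hosts.allow rules and spot tcp_wrappers refusals.

Added example (not from the thread or tcp_wrappers). Assumes hosts_access(5)
semantics: rules are tried top to bottom, the first match wins, a rule with no
option in hosts.allow grants access, and a client matched by no rule is allowed.
"""
import ipaddress
from typing import List, Tuple

Rule = Tuple[List[str], List[str], str]  # (daemon patterns, client patterns, action)


def parse_hosts_allow(text: str) -> List[Rule]:
    """Parse lines of the form 'daemons : clients [: allow|deny]'.

    Only whole-line '#' comments are skipped, as hosts_access(5) specifies.
    """
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {raw!r}")
        daemons, clients = fields[0].split(), fields[1].split()
        # No option given: a match in hosts.allow grants access.
        action = fields[2].lower() if len(fields) > 2 else "allow"
        if action not in ("allow", "deny"):
            raise ValueError(f"unsupported option {action!r} in {raw!r}")
        rules.append((daemons, clients, action))
    return rules


def _client_matches(pattern: str, client_ip: str) -> bool:
    """Match one client pattern (ALL, a.b.c.d, a.b.c., or net/mask) against an IPv4."""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask form, e.g. 192.168.1.0/255.255.255.0
        return ipaddress.IPv4Address(client_ip) in ipaddress.IPv4Network(pattern, strict=False)
    if pattern.endswith("."):  # dotted prefix, e.g. 192.168.1.
        return client_ip.startswith(pattern)
    return client_ip == pattern


def hosts_access(rules: List[Rule], daemon: str, client_ip: str) -> str:
    """Return 'allow' or 'deny' for this daemon/client pair; first match wins."""
    for daemons, clients, action in rules:
        if ("ALL" in daemons or daemon in daemons) and any(
            _client_matches(p, client_ip) for p in clients
        ):
            return action
    return "allow"  # no rule matched: tcp_wrappers lets the connection through


def wrappers_refusals(log_text: str) -> List[Tuple[str, str]]:
    """Return (daemon, source) for every 'refused connect from' line in a syslog dump."""
    hits = []
    for line in log_text.splitlines():
        if "refused connect from" not in line:
            continue
        ident = line.split("]:", 1)[0].rsplit(" ", 1)[1]  # e.g. 'sshd[1234'
        daemon = ident.split("[", 1)[0]
        source = line.split("refused connect from", 1)[1].strip()
        hits.append((daemon, source))
    return hits


# Constructed hosts.allow for the laptop in the thread: Dan's loopback test
# rule, anonymous ftp allowed from one peer only, ssh from the home LAN only.
SAMPLE_HOSTS_ALLOW = """
# test rule from the thread: confirms sshd consults this file
sshd : 127.0.0.1 : deny
# today's upload peer (constructed address)
ftpd : 192.0.2.44 : allow
ftpd : ALL : deny
sshd : 192.168.1. 10.0.0.0/255.255.255.0 : allow
sshd : ALL : deny
"""

# Constructed /var/log/auth.log excerpt of the kind Dan describes.
SAMPLE_AUTH_LOG = """
May 12 12:01:03 laptop sshd[1234]: refused connect from localhost (127.0.0.1)
May 12 12:02:10 laptop sshd[1240]: Accepted publickey for eric from 192.168.1.7 port 50112 ssh2
"""

if __name__ == "__main__":
    rules = parse_hosts_allow(SAMPLE_HOSTS_ALLOW)
    for daemon, ip in [("sshd", "127.0.0.1"), ("ftpd", "192.0.2.44"),
                       ("ftpd", "198.51.100.9"), ("sshd", "10.0.0.25")]:
        print(f"{daemon:4} from {ip:15} -> {hosts_access(rules, daemon, ip)}")
    print("wrapper refusals seen:", wrappers_refusals(SAMPLE_AUTH_LOG))
```

If `wrappers_refusals` finds a hit for sshd after Dan's loopback test, the
daemon is linked against libwrap and inetd adds nothing; an empty result after
a loopback login succeeded means the rules are being ignored, which is the
case Eric suspects for a standalone ftpd.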