I'd like to add that running SSH via inetd is not recommended because it
makes initial connections very slow, unless a very small key size is
chosen, which isn't recommended either.
SSH can run with tcp wrappers and as a standalone daemon at the same time,
by using "configure --with-libwrap=SOMEDIR" when building sshd. Point
SOMEDIR to the directory that contains libwrap.a. If you didn't save
libwrap.a from when you installed TCP wrappers, get the TCP wrappers and
build them, then stick the libwrap.a somewhere safe, e.g. /usr/local/lib
--
Gregor Mosheh
[EMAIL PROTECTED]
Systems Admin, Humboldt Internet
707.825.4638
On Tue, 23 Nov 1999, Josh Rivel wrote:
> Me You wrote...
> > I am attempting to make my network more secure and
> > after reading numerous how to's I decided to give SSH
> > a try. A number of publications suggest closing most
> > services such as telnet and ftp in the inetd.conf
> > file. The problem is that when I do this, I am unable
> > to connect with SSH. Do I need to have telnet open
> > for SSH to work?? or is there a service that needs to
> > be added here?? and where can I find information how
> > to do it if needed??
>
> You have 2 options.
>
> 1) run sshd in standalone mode by just starting up the daemon manually
>
> root# /usr/local/sbin/sshd
>
> Just be sure to make sure it's in your system startup scripts so that
> next time you reboot it will get started automatically
>
> 2) run sshd out of inetd.
> Add a line similar to this one to your /etc/inetd.conf file, and kill -HUP
> the pid of inetd.
>
> ssh stream tcp nowait root /usr/local/sbin/sshd /usr/local/sbin/sshd -i
>
> Be sure to have the -i at the end of the second argument, that indicates
> that ssh is running out of inetd and not in standalone.
>
> You can also use tcp_wrappers with it as well, in which case you would use
> this line in /etc/inetd.conf:
>
> ssh stream tcp nowait root /path/to/tcpd /usr/local/sbin/sshd -i
>
>
> --josh
>
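An added example, not part of either poster's message: a small Python check that reads inetd.conf text and flags the points raised in this thread (an sshd entry without -i, an sshd entry not started through tcpd, and telnet/ftp still enabled). The sample file contents, the function name and the finding codes are constructed for illustration.

```python
import os

# Constructed sample input, not taken from any real host.
SAMPLE_INETD_CONF = """\
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd -l
ssh     stream tcp nowait root /usr/local/sbin/sshd /usr/local/sbin/sshd
ssh     stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/sshd -i
"""

# Services the original question mentions closing in inetd.conf.
CLEARTEXT_SERVICES = {"telnet", "ftp"}


def audit_inetd(text):
    """Return a list of (line_number, finding_code) for inetd.conf text.

    inetd.conf fields: service, socket type, protocol, wait flag, user,
    server program, then the server's argv (argv[0] first).
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 6:
            findings.append((lineno, "malformed-entry"))
            continue
        service, server, argv = fields[0], fields[5], fields[6:]
        if service in CLEARTEXT_SERVICES:
            findings.append((lineno, "cleartext-service"))
        if service == "ssh":
            # argv[0] is the daemon name/path; -i must follow it so that
            # sshd knows it was started from inetd, not as a standalone daemon.
            if "-i" not in argv[1:]:
                findings.append((lineno, "sshd-missing-i"))
            # With TCP wrappers, the server program is tcpd and sshd is argv[0].
            if os.path.basename(server) != "tcpd":
                findings.append((lineno, "sshd-unwrapped"))
    return findings


if __name__ == "__main__":
    for lineno, code in audit_inetd(SAMPLE_INETD_CONF):
        print(f"line {lineno}: {code}")
```

An sshd built with libwrap and run standalone, as the reply at the top describes, has no inetd.conf entry at all, so this check does not cover that setup.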