Re: Pros and Cons of running under inetd....



Daniel Bye wrote:
On Fri, May 12, 2006 at 11:35:41AM -0500, Eric Schuele wrote:
Hello,

I run sshd and ftpd on my laptop. I generally start them via:
sshd_enable="YES"
ftpd_enable="YES"
in my rc.conf.

What are the pros/cons of running them via inetd?

This is in no way a high load or production machine. Just my laptop
that I need access to from time to time.

The one pro I have noticed (which is rather important to me) is that
ftpd does not heed hosts.allow directives when NOT run via inetd. Am I
correct in this? I prefer to use tcpwrappers to further protect my sshd and ftpd. I generally keep ftpd firewalled off from the world and when someone needs to (anonymous) ftp something to me I open the firewall. But it would be nice to allow only their IP using hosts.allow (as I just enable/disable a generic ruleset in ipfw). So should I forget to disable the ruleset in ipfw then I am not open all day till I reboot.


Thanks for the response.

When sshd starts, it needs to generate keys and set up its cryptographic
environment, so you will notice a bit of lag before getting a login
prompt. This may or may not mean anything to you, depending on how
beefy your laptop is.

Check man sshd for the -i option.

sshd should, by default, be compiled with tcpwrappers support anyway.
You can test whether this is the case by putting something like this at
the top of your hosts.allow:

sshd : 127.0.0.1 : deny

and then try connecting on the loopback interface. If you see `refused
connect from localhost' in your /var/log/auth.log, then your sshd uses
hosts.allow and running it from inetd won't give you any benefit.


Actually I have sshd under control. It works fine, and yes uses tcpwrappers by default.

I don't know about ftpd, as I don't use it.

ftpd however does not seem to use them.


Dan


Although I am curious about ftpd and tcpwrappers.... I am also interested in whether or not running these daemons under inetd is preferred or not. If so why? If not, why?

--
Regards,
Eric
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
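Added example, not part of the thread: a simplified sh/awk model of how tcpwrappers takes the first matching hosts.allow line, which is why the test rule above goes at the top of the file and why a catch-all `ALL : ALL : allow` first line (as in FreeBSD's stock file) leaves later ftpd rules without effect. The `wrap_decision` helper, rule files and addresses are constructed for illustration; only `daemon : client : allow|deny` lines with exact IPv4 addresses, `ALL` and trailing-dot prefixes are modelled.

```shell
#!/bin/sh
# Simplified model of tcpwrappers rule selection: first matching line wins,
# and a connection that matches no line is allowed.
# Usage: wrap_decision FILE DAEMON CLIENT_IP   -> prints "allow" or "deny"
wrap_decision() {
    awk -v d="$2" -v ip="$3" '
        function in_list(list, want,    n, i, items, p) {
            n = split(list, items, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                p = items[i]
                if (p == "ALL" || p == want) return 1
                # trailing dot means address prefix, e.g. "192.0.2."
                if (p ~ /\.$/ && index(want, p) == 1) return 1
            }
            return 0
        }
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        {
            if (split($0, f, /[ \t]*:[ \t]*/) < 3) next
            sub(/[ \t]+$/, "", f[3])
            if (in_list(f[1], d) && in_list(f[2], ip)) { print f[3]; found = 1; exit }
        }
        END { if (!found) print "allow" }
    ' "$1"
}

# Constructed sample rule sets (documentation addresses, not from the thread).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/stock" <<'EOF'
ALL : ALL : allow
ftpd : 192.0.2.10 : allow
ftpd : ALL : deny
EOF
cat > "$tmp/fixed" <<'EOF'
# catch-all allow removed; sshd loopback test rule placed first
sshd : 127.0.0.1 : deny
ftpd : 192.0.2.10 : allow
ftpd : ALL : deny
EOF

for f in stock fixed; do
    for c in "ftpd 192.0.2.10" "ftpd 198.51.100.7" "sshd 127.0.0.1"; do
        set -- $c
        printf '%-5s %-4s from %-13s -> %s\n' "$f" "$1" "$2" "$(wrap_decision "$tmp/$f" "$1" "$2")"
    done
done
```

These rules only apply to a daemon that actually consults hosts.allow, either through its own tcpwrappers support or by being started from an inetd that wraps its services.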


