Date: Sun, 19 Mar 2006 17:28:05 +0100 From: Karol Kwiatkowski <freebsd@orchid.homeunix.org> To: gerard@seibercom.net Cc: freebsd-questions@freebsd.org Subject: Re: hosts.allow ? Message-ID: <441D8695.2000005@orchid.homeunix.org> In-Reply-To: <200603191032.21530.gerard@seibercom.net> References: <441CA1F9.20301@chrismaness.com> <5ceb5d550603190128q5f3e46c3o84e4b45236df0883@mail.gmail.com> <441D71FE.2070003@chrismaness.com> <200603191032.21530.gerard@seibercom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigB1943BD26EF08766A842A85D Content-Type: text/plain; charset=ISO-8859-2 Content-Transfer-Encoding: quoted-printable Gerard Seibert wrote: > Chris Maness wrote: >=20 >> OK, I was able to get to work by just starting out with a blank >> hosts.allow. Everything is allowed by default, so when denyhosts >> adds a deny line to the file, it will deny access to that host. >> >> Also, sshd can't be started in rc.conf, it has to be started in >> inetd.conf. Make sure you do a /etc/rc.d/inetd restart after you >> make changes. >=20 > Just out of curiosity, why can 'sshd' not be started from the=20 > '/etc/rc.conf' file? Because Chris wants to limit sshd's connections with 'hosts.allow' thing. Correct me if I'm wrong but my understanding is that inetd will start ssh daemon every time new connection is made and that's why it's not recommended (as written in default hosts.allow file). The alternative is running sshd as a daemon and limit connections with, say, pf's overload, max-src-conn and max-src-conn-rate. Regards, Karol --=20 Karol Kwiatkowski <freebsd at orchid dot homeunix dot org> OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc --------------enigB1943BD26EF08766A842A85D Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEHYacezeoPAwGIYsRAkroAJ424L+QSkVROpaqLzbteYWpIPRDPwCguAJ1 FXqknqvq1Nm+3PasSSCOy7M= =SU8t -----END PGP SIGNATURE----- --------------enigB1943BD26EF08766A842A85D--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?441D8695.2000005>