Date:      Sun, 19 Mar 2006 17:28:05 +0100
From:      Karol Kwiatkowski <freebsd@orchid.homeunix.org>
To:        gerard@seibercom.net
Cc:        freebsd-questions@freebsd.org
Subject:   Re: hosts.allow ?
Message-ID:  <441D8695.2000005@orchid.homeunix.org>
In-Reply-To: <200603191032.21530.gerard@seibercom.net>
References:  <441CA1F9.20301@chrismaness.com>	<5ceb5d550603190128q5f3e46c3o84e4b45236df0883@mail.gmail.com>	<441D71FE.2070003@chrismaness.com> <200603191032.21530.gerard@seibercom.net>

Gerard Seibert wrote:
> Chris Maness wrote:
>
>> OK, I was able to get it to work by just starting out with a blank
>> hosts.allow.  Everything is allowed by default, so when denyhosts
>> adds a deny line to the file, it will deny access to that host.
>>
>> Also, sshd can't be started in rc.conf, it has to be started in
>> inetd.conf.  Make sure you do a /etc/rc.d/inetd restart after you
>> make changes.
>
> Just out of curiosity, why can 'sshd' not be started from the
> '/etc/rc.conf' file?

Because Chris wants to limit sshd's connections with the 'hosts.allow'
thing. Correct me if I'm wrong, but my understanding is that inetd will
start the ssh daemon every time a new connection is made, and that's why
it's not recommended (as written in the default hosts.allow file). The
alternative is running sshd as a daemon and limiting connections with,
say, pf's overload, max-src-conn and max-src-conn-rate.

Regards,

Karol

--
Karol Kwiatkowski  <freebsd at orchid dot homeunix dot org>
OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc
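
The pf alternative named in the reply above, written out as a pf.conf fragment. This is an added example, not part of the original message; the interface name, the table name and the numeric limits are assumptions to adapt.

```conf
# Added example: pf.conf fragment for sshd running as a standalone
# daemon (sshd_enable="YES" in /etc/rc.conf), not from inetd.
# Assumed values: interface em0, table name ssh_abusers, all limits.

ext_if = "em0"

# Persistent table that collects source addresses exceeding the limits.
table <ssh_abusers> persist

# Drop everything from addresses already in the table. "quick" stops
# rule evaluation here, so the pass rule below is never reached.
block in quick on $ext_if from <ssh_abusers>

# Stateful pass rule for SSH with per-source limits:
#   max-src-conn 5          at most 5 simultaneous connections per source
#   max-src-conn-rate 3/30  at most 3 new connections per source in 30 s
#   overload <ssh_abusers>  add a source that exceeds a limit to the table
#   flush global            also kill that source's existing states
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 3/30, \
     overload <ssh_abusers> flush global)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and list the blocked addresses with `pfctl -t ssh_abusers -T show`. Entries stay in the table until removed, so a periodic `pfctl -t ssh_abusers -T expire 86400` drops addresses that have been listed for more than a day.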




