From: Karol Kwiatkowski
Date: Sun, 19 Mar 2006 17:28:05 +0100
To: gerard@seibercom.net
Cc: freebsd-questions@freebsd.org
Subject: Re: hosts.allow ?
Message-ID: <441D8695.2000005@orchid.homeunix.org>
In-Reply-To: <200603191032.21530.gerard@seibercom.net>

Gerard Seibert wrote:
> Chris Maness wrote:
>
>> OK, I was able to get it to work by just starting out with a blank
>> hosts.allow. Everything is allowed by default, so when denyhosts
>> adds a deny line to the file, it will deny access to that host.
>>
>> Also, sshd can't be started in rc.conf, it has to be started in
>> inetd.conf. Make sure you do a /etc/rc.d/inetd restart after you
>> make changes.
>
> Just out of curiosity, why can 'sshd' not be started from the
> '/etc/rc.conf' file?

Because Chris wants to limit sshd's connections with the 'hosts.allow'
thing. Correct me if I'm wrong, but my understanding is that inetd will
start the ssh daemon every time a new connection is made, and that's why
it's not recommended (as written in the default hosts.allow file).

The alternative is running sshd as a daemon and limiting connections
with, say, pf's overload, max-src-conn and max-src-conn-rate.

Regards,

Karol

--
Karol Kwiatkowski
OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc