From owner-freebsd-security  Fri Sep 11 20:16:23 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA18076
          for freebsd-security-outgoing; Fri, 11 Sep 1998 20:16:23 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from roble.com (roble.com [207.5.40.50])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA18070
          for <freebsd-security@FreeBSD.ORG>; Fri, 11 Sep 1998 20:16:22 -0700 (PDT)
          (envelope-from sendmail@roble.com)
Received: from localhost (localhost [127.0.0.1]) by roble.com (Roble) with SMTP id UAA10786 for <freebsd-security@FreeBSD.ORG>; Fri, 11 Sep 1998 20:16:08 -0700 (PDT)
Date: Fri, 11 Sep 1998 20:16:08 -0700 (PDT)
From: Roger Marquis <marquis@roble.com>
To: freebsd-security@FreeBSD.ORG
Subject: Re: sshd 
In-Reply-To: <20262.905499048@time.cdrom.com>
Message-ID: <Pine.SUN.3.96.980911195617.10501D-100000@roble.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 11 Sep 1998, Jordan K. Hubbard wrote:
> Because you have your files in the wrong place - if you read the man page
> for tcpd, you'll see that the permission files live in /usr/local/etc/hosts.*

The 2.2.6 man pages incorrectly identify /etc as the location of
hosts.{allow,deny}.  FWIW, /etc is the default location on every
*other* Unix operating system.  When I first ran into this bug (back
around 1.0.5) we had to `strings tcpd` to find where the access files
were expected to be.  This is one of the many FreeBSD ports that (IMHO)
offer no advantages over the original package.

> Which isn't started from inetd.conf.  It's started from /usr/local/etc/rc.d/
> when the system boots; nothing rogue about it.

The recommended sshd startup method used to be /etc/rc*(/*), probably
for historical reasons.  It may still be a good idea on slow CPUs,
where it can take a while to generate a session key, or where
inetd.conf isn't running, however, in my experience, sshd is much more
reliably run from inetd.

Roger Marquis
Roble Systems Consulting
http://www.roble.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message