From owner-freebsd-questions  Mon Nov  4 08:30:21 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id IAA00443
          for questions-outgoing; Mon, 4 Nov 1996 08:30:21 -0800 (PST)
Received: from jack.colorado.edu (jack.Colorado.EDU [128.138.149.29])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id IAA00429
          for <freebsd-questions@FreeBSD.org>; Mon, 4 Nov 1996 08:30:17 -0800 (PST)
Received: from jack (localhost [127.0.0.1]) by jack.colorado.edu (8.7.6/8.7.3/CNS-4.0p) with SMTP id JAA01836; Mon, 4 Nov 1996 09:30:12 -0700 (MST)
Message-ID: <327E1A14.3B62@Colorado.EDU>
Date: Mon, 04 Nov 1996 09:30:12 -0700
From: "Mark O'Lear" <Mark.Olear@Colorado.EDU>
Organization: University of Colorado
X-Mailer: Mozilla 3.0Gold (X11; I; SunOS 5.4 sun4m)
MIME-Version: 1.0
To: jamie <batsy@groovy.dreaming.org>
CC: freebsd-questions@FreeBSD.org
Subject: Re: tcp_wrappers
References: <Pine.BSF.3.95.961103152942.4517A-100000@groovy.dreaming.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-questions@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

jamie wrote:
> 
> I can't seem to get tcpd and sshd to coexist peacefully on the
> 960612-snap. tcpd thinks that port 22 is already in use so sshd barfs when
> every I try to connect to the machine using ssh. If someone could point
> out the config error I have made, I'd be truly grateful:)

If you are going to run it from inetd with tcpd, you will have
to run it with the following flag from the sshd man page:

       -i     Specifies that sshd is being run from inetd.   Sshd
              is  normally not run from inetd because it needs to
              generate the server key before it  can  respond  to
              the  client,  and  this  may  take tens of seconds.
              Clients would have to wait too long if the key  was
              regenerated  every  time.   However, with small key
              sizes (e.g.  512) using sshd from inetd may be fea-
              sible.

If you configure it with '--with-libwrap' it will do all the
tcpd stuff for you (including looking at the hosts.[allow|deny]
files), then you can run it from rc.local and it won't have
to regenerate the key every time.
-- 
Mark O'Lear             \    e-mail: Mark.Olear@Colorado.EDU
University of Colorado   \   phone:  (303) 492-3798
Telecomm. Svcs. (CB 313)  \  fax:    (303) 492-5105
Boulder, CO  80309         \