From owner-freebsd-questions@FreeBSD.ORG Tue Jan 15 13:01:30 2013 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 74FE22C2 for ; Tue, 15 Jan 2013 13:01:30 +0000 (UTC) (envelope-from c.kworr@gmail.com) Received: from mail-la0-f47.google.com (mail-la0-f47.google.com [209.85.215.47]) by mx1.freebsd.org (Postfix) with ESMTP id BEF726DC for ; Tue, 15 Jan 2013 13:01:29 +0000 (UTC) Received: by mail-la0-f47.google.com with SMTP id fh20so76308lab.6 for ; Tue, 15 Jan 2013 05:01:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=+txbqG/dht6ffwqL+ZBunDCZSt9WGyn/z5Qojp3YOcE=; b=QDsTbX9P4tcpi3Qe3FzUr0K6Avw9lrZ7Q0U7g5BKMi1vQs0uPHIC5GRXU34S4A9T3x 26WYOtLKgmnQPexkie37Zu3tOvoulaOeTL8KB5eP4GGu+egWngmMgnpwcmoQ4xfWzK1j HKmeXfYnu/Jv+H6QUyvxMD47I8ia4axbQrrSU6rXDTmXMNZZ2Jg3ZLYelZRsJTyWQuEy 7wn8GbMYFS5XwwWRiOMRqHVnI0zDXRKGfZ/W/y4j5LLI2RmL5N9ecFBQU2aZXymqYk+z QHzBYDViHFWSCfeq4cdqwb+8OI0/OeT/v+YDWzpRQEotjHg6nD8zHcgq5+cL0/nSNFTG fF+A== X-Received: by 10.112.87.97 with SMTP id w1mr34761262lbz.91.1358254882944; Tue, 15 Jan 2013 05:01:22 -0800 (PST) Received: from [192.168.1.130] (mau.donbass.com. [92.242.127.250]) by mx.google.com with ESMTPS id o2sm2878945lby.11.2013.01.15.05.01.21 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 15 Jan 2013 05:01:22 -0800 (PST) Message-ID: <50F55320.5030703@gmail.com> Date: Tue, 15 Jan 2013 15:01:20 +0200 From: Volodymyr Kostyrko User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:18.0) Gecko/20100101 Firefox/18.0 SeaMonkey/2.15 MIME-Version: 1.0 To: Frank Staals Subject: Re: SSH on FreeBSD References: <64344677AECE934682A4243703F508681E09737D@CW-EXCH01.cipherwave.local> <20130115174536.78ecf7e3@X220.ovitrap.com> <20130115105006.GA2291@tiny.Sisis.de> <50F54E40.9090406@gmail.com> <87wqvefw78.fsf@Shanna.FStaals.net> In-Reply-To: <87wqvefw78.fsf@Shanna.FStaals.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: Erich Dollansky , Matthias Apitz , "questions@FreeBSD.org" , Mannase Nyathi X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2013 13:01:30 -0000 15.01.2013 14:48, Frank Staals: > Volodymyr Kostyrko writes: > >> >> In FreeBSD there are two ways of enabling sshd: default, fast and easy through >> rc.conf and a bit tricky and secure via inetd.conf. Everyone can select their >> own poison. I personally prefer the latter one. > > You seem to imply that enabling sshd through inetd is more secure than > directly through rc.conf. Care to elaborate on that? * there's no central process to target with attacks; * SSHv1 server key is regenerated every time new connection is created; * with inetd you can force max connections per minute rate or max connections per ip. -- Sphinx of black quartz, judge my vow.