From owner-freebsd-security Thu Jun 26 12:34:07 1997
Return-Path:
Received: (from root@localhost)
        by hub.freebsd.org (8.8.5/8.8.5) id MAA07434
        for security-outgoing; Thu, 26 Jun 1997 12:34:07 -0700 (PDT)
Received: from limbo.senate.org (nathan@senate.org [204.141.125.38])
        by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA07426
        for ; Thu, 26 Jun 1997 12:34:03 -0700 (PDT)
Received: (from nathan@localhost)
        by limbo.senate.org (8.8.5/8.8.5) id PAA20854;
        Thu, 26 Jun 1997 15:33:52 -0400 (EDT)
From: Nathan Dorfman
Message-Id: <199706261933.PAA20854@limbo.senate.org>
Subject: Re: SSHD from Inetd
In-Reply-To: <199706261931.MAA00269@biggusdiskus.flyingfox.com> from Jim Shankland at "Jun 26, 97 12:31:08 pm"
To: jas@flyingfox.com (Jim Shankland), freebsd-security@freebsd.org
Date: Thu, 26 Jun 1997 15:33:51 -0400 (EDT)
X-Mailer: ELM [version 2.4ME+ PL31 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Actually I wanted sshd to run with tcpd :) is it possible to do that
without inetd? Also, I have seen where sendmail was tcpd'd and HELO
would report a pident output! Any info on this?

> Firing up sshd from inetd is a bad idea, as sshd does non-trivial key
> generation work on startup. It really wants to start up once, then fork
> for each incoming connection.
>
> Or you can do what we've done on some of our machines, and turn off inetd,
> leaving *only* sshd running. Who needs legacy protocols like telnet and
> ftp when you've got sshd? (Tongue partly in cheek here; but only partly.
> This really does work well in some environments.)
>
> Jim Shankland
> Flying Fox Computer Systems, Inc.
>