hosts.allow ?

Karol Kwiatkowski freebsd at orchid.homeunix.org
Sun Mar 19 16:28:22 UTC 2006


Gerard Seibert wrote:
> Chris Maness wrote:
> 
>> OK, I was able to get it to work by just starting out with a blank
>> hosts.allow.  Everything is allowed by default, so when denyhosts
>> adds a deny line to the file, it will deny access to that host.
>>
>> Also, sshd can't be started in rc.conf, it has to be started in
>> inetd.conf.  Make sure you do a /etc/rc.d/inetd restart after you
>> make changes.
> 
> Just out of curiosity, why can 'sshd' not be started from the 
> '/etc/rc.conf' file?

Because Chris wants to limit sshd's connections with the 'hosts.allow'
thing. Correct me if I'm wrong, but my understanding is that inetd will
start the ssh daemon every time a new connection is made, and that's why
it's not recommended (as written in the default hosts.allow file). The
alternative is running sshd as a daemon and limiting connections with,
say, pf's overload, max-src-conn and max-src-conn-rate.

Regards,

Karol

-- 
Karol Kwiatkowski  <freebsd at orchid dot homeunix dot org>
OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc
