Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh
From: Bruce M Simpson (bms_at_spc.org)
Date: Fri, 19 Sep 2003 01:19:51 +0100
To: Avleen Vig <email@example.com>
On Thu, Sep 18, 2003 at 04:18:11PM -0700, Avleen Vig wrote:
> On Thu, Sep 18, 2003 at 12:21:35PM -0700, Roger Marquis wrote:
> > Why FreeBSD's default installation still uses a legacy stand-alone
> > ssh daemon is a question many systems administrators are asking.
> I'm certainly not one of those systems administrators.
> I manage > 700 systems on a daily basis (not alone, obviously, and not
> all FreeBSD).
> I don't want one service (ssh) being dependent on another service
> (inetd). This is bad system design.
When you run out of inetd to service a single connection, you have to
generate a new ephemeral key for every ssh instance. This is a needless
waste of precious entropy from /dev/random.
I think running sshd out of inetd is a very bad idea indeed, unless
Mr Marquis is willing to stay in my datacenter and hammer the keys like
a monkey all day, but even then that might be a poor source of entropy.