Re: SSH security

From: Patrick Ohnewein
Date: 10/22/01

Date: Mon, 22 Oct 2001 12:04:11 +0200

On my RH_7.0 I use xinetd to start the sshd on demand; here is my SIMPLE

service ssh
{
         socket_type = stream
         wait = no
         user = root
         server = /usr/sbin/sshd
         #It's not listed in my /etc/services
         port = 22
         # -i tells sshd it is being run from inetd/xinetd
         server_args = -i
         log_on_failure = ATTEMPT HOST RECORD
}

My BOX is behind a firewall and therefore I don't have to care much about
security, but xinetd supports a lot of interesting options to restrict
access (extracts from man xinetd.conf):
        only_from        determines the remote hosts to which the
                         particular service is available. Its
                         value is a list of IP addresses which can
                         be specified in any combination of the
                         following ways:
        no_access        determines the remote hosts to which the
                         particular service is unavailable. ...

xinetd provides some very useful logging features.

Are there any disadvantages or security problems in using xinetd in
place of sshd directly?


If you put garbage in a computer nothing comes out but garbage. But this garbage, having passed through a very expensive machine, is somehow ennobled and none dare criticize it.
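
The only_from / no_access extract above, as an added example that is not part of the original message: a Python check that reads a service entry and applies the xinetd.conf man page rule that, when both lists match a host, the more specific entry decides. The address values are constructed, the function names are hypothetical, and only IPv4 numeric entries are handled (no host names, network names or factorized addresses).

```python
import ipaddress

# Constructed sample: the post's entry plus hypothetical only_from/no_access
# values taken from the documentation address ranges.
SAMPLE = """
service ssh
{
        server      = /usr/sbin/sshd
        server_args = -i
        only_from   = 192.0.2.0 198.51.100.7
        no_access   = 192.0.2.128/25
}
"""

def parse_service(text):
    """Return {attribute: [values]} for one service block ('=' lines only)."""
    attrs = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:  # skips 'service ssh', braces and blank lines
            attrs.setdefault(key.strip(), []).extend(value.split())
    return attrs

def to_network(entry):
    """IPv4 numeric forms only: a.b.c.d/len, or a.b.c.d where trailing 0
    octets act as wildcards (192.0.2.0 covers the whole 192.0.2 subnet)."""
    if "/" in entry:
        return ipaddress.ip_network(entry, strict=False)
    octets = entry.split(".")
    while octets and octets[-1] == "0":
        octets.pop()
    return ipaddress.ip_network(f"{entry}/{8 * len(octets)}")

def best_match(addr, entries):
    """Longest prefix among entries that contain addr, or -1 if none do."""
    nets = map(to_network, entries)
    return max((n.prefixlen for n in nets if addr in n), default=-1)

def allowed(attrs, source):
    """The better (more specific) match between the two lists wins."""
    addr = ipaddress.ip_address(source)
    only, deny = attrs.get("only_from"), attrs.get("no_access")
    allow_len = best_match(addr, only or [])
    deny_len = best_match(addr, deny or [])
    if only is None:
        return deny_len < 0          # no allow list: open except no_access
    return allow_len > deny_len      # a tie is refused here (fail closed)

if __name__ == "__main__":
    attrs = parse_service(SAMPLE)
    for ip in ("192.0.2.10", "192.0.2.200", "198.51.100.7", "203.0.113.5"):
        print(ip, "allowed" if allowed(attrs, ip) else "refused")
```

Running it against a draft entry before reloading xinetd shows which source addresses a given only_from / no_access combination would admit.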