[svlug] deny ssh

Jeffrey Siegal jbs at quiotix.com
Tue Nov 27 03:22:02 PST 2001


While it is possible to run sshd under inetd (or an inetd replacement),
the protocol really isn't designed to work that way.  Upon startup sshd
generates a server key, which consumes significant resources.  If
started from inetd, sshd will have to generate a server key for every
connection.  Not only does this slow down connections and increase
resource use, but the high cost of an incoming connection makes a
tempting target for a DoS attack (which can probably be blocked with
appropriate inetd configuration, but still).
