VETO! Re: heads up: tcpwrappers support going away
Nico Kadel-Garcia
nkadel at gmail.com
Sun Apr 27 02:14:25 EST 2014
On Sat, Apr 26, 2014 at 11:57 AM, Nicolai
<nicolai-openssh at chocolatine.org> wrote:
> On Fri, Apr 25, 2014 at 08:35:08PM -0500, Karl O. Pinc wrote:
>> I bet sshd could be run from a tcpwrapper enabled inetd
>> using 'sshd -D'.
>
> Good point. I use -ieDf for ssh over CurveCP and it works like a charm
> even on old hardware. So really, the desired functionality will still
> be in OpenSSH, and there will still be at least two distinct ways of
> getting it (instead of three). It's sensible to remove duplicate
> functionality in OpenSSH, particularly where it's better placed
> elsewhere.
>
> So people can look at -i and -D flags. They work!
Isn't it significantly more efficient to allow sshd to do its own
forks, rather than doing 'ssd -D' and having one new daemon running
for every connection? I'm not personally convinced it's "better placed
elsewhere". If tcp_wrappers is yanked out, perhaps a friendly note in
the documentation explaining just this suggestion would help replace
it.
More information about the openssh-unix-dev
mailing list