On Sat, Sep 1, 2012 at 2:46 PM, Kevin Chadwick <ma1l1ists@yahoo.co.uk> wrote:
On Aug 31, 2012 7:47 PM, "Kevin Chadwick" <ma1l1ists@yahoo.co.uk> wrote:
I will give one example. Lennart says come on who connects to sshd more than once a month. I can't believe he's never seen a sshd log with constant pass attempts even though passwords are disabled.
You are misunderstanding the sshd example.
How? Systemd's method would seem more problematic and wasteful to me if you get connections to it a lot.
The example explicitly only deals with the case where you do not get a lot of connections. E.g. in a private network.
"And even SSH: as long as nobody wants to contact your machine there is no need to run it, as long as it is then started on the first connection. (And admit it, on most machines where sshd might be listening somebody connects to it only every other month or so.)"
That is close to BS I am afraid - I run several machines where there is a connection in several times a day sometimes even more often.
It is far less likely that ssh is used behind a firewall and there is no mention of this. It is a fact that ssh is primarily used to cross the internet, where it will be connected to frequently on any connection as long as it is set to the recommended default port.
My use case includes using sshd behind a firewall - and it is far from uncommon!
Home connections even get many ssh connection attempts
If you have a public IP you'd be better off using the regular service and not the xinet-style one.
Can't comment on that statement!!!
In most cases it isn't true and if you have redundant services as most do or a secure service, you don't want the service restarted as it may have been exploited, the restart may even enable the exploit, so another server will take over instead.
And the evidence for this is where?

-- mike c