[arch-general] [Bulk] Re: libsystemd to systemd

mike cloaked mike.cloaked at gmail.com
Sat Sep 1 11:00:52 EDT 2012


On Sat, Sep 1, 2012 at 2:46 PM, Kevin Chadwick <ma1l1ists at yahoo.co.uk> wrote:
>> On Aug 31, 2012 7:47 PM, "Kevin Chadwick" <ma1l1ists at yahoo.co.uk> wrote:
>> >
>> > > > I will give one example. Lennart says come on who connects to sshd more
>> > > > than once a month. I can't believe he's never seen a sshd log with
>> > > > constant pass attempts even though passwords are disabled.
>> > >
>> > > You are misunderstanding the sshd example.
>> >
>> > How? Systemd's method would seem more problematic and wasteful to me if
>> > you get connections to it a lot.
>>
>> The example explicitly only deals with the case where you do not get a lot
>> of connections. E.g. in a private network.
>
> "And even SSH: as long as nobody wants to contact your machine there is
> no need to run it, as long as it is then started on the first
> connection. (And admit it, on most machines where sshd might be
> listening somebody connects to it only every other month or so.)"

That is close to BS I am afraid - I run several machines where there
is a connection in several times a day sometimes even more often.

>
> It is far less likely that ssh is used behind a firewall and there is
> no mention of this, it is a fact that ssh is primarily used to cross
> the internet where it will be connected to frequently on any connection
> as long as it is set to the recommended default port.

My use case includes using sshd behind a firewall - and it is far from uncommon!

>
>>
>> > Home connections even get many ssh
>> > connection attempts
>>
>> If you have a public IP you'd be better off using the regular service and
>> not the xinet-style one.
>>

Can't comment on that statement!!!

> In most cases it isn't true and if you have redundant services as most
> do or a secure service, you don't want the service restarted as it may
> have been exploited, the restart may even enable the exploit, so another
> server will take over instead.

And the evidence for this is where?

-- 
mike c

