On Sat, Sep 1, 2012 at 2:46 PM, Kevin Chadwick <ma1l1ists@xxxxxxxxxxx> wrote:
>> On Aug 31, 2012 7:47 PM, "Kevin Chadwick" <ma1l1ists@xxxxxxxxxxx> wrote:
>> >
>> > > > I will give one example. Lennart says come on who connects to sshd more
>> > > > than once a month. I can't believe he's never seen a sshd log with
>> > > > constant pass attempts even though passwords are disabled.
>> > >
>> > > You are misunderstanding the sshd example.
>> >
>> > How? Systemd's method would seem more problematic and wasteful to me if
>> > you get connections to it a lot.
>>
>> The example explicitly only deals with the case where you do not get a lot
>> of connections. E.g. in a private network.
>
> "And even SSH: as long as nobody wants to contact your machine there is
> no need to run it, as long as it is then started on the first
> connection. (And admit it, on most machines where sshd might be
> listening somebody connects to it only every other month or so.)"

That is close to BS I am afraid - I run several machines where there is a connection in several times a day, sometimes even more often.

>
> It is far less likely that ssh is used behind a firewall and there is
> no mention of this, it is a fact that ssh is primarily used to cross
> the internet where it will be connected to frequently on any connection
> as long as it is set to the recommended default port.

My use case includes using sshd behind a firewall - and it is far from uncommon!

>
>>
>> > Home connections even get many ssh
>> > connection attempts
>>
>> If you have a public IP you'd be better off using the regular service and
>> not the xinet-style one.
>>

Can't comment on that statement!!!

> In most cases it isn't true and if you have redundant services as most
> do or a secure service, you don't want the service restarted as it may
> have been exploited, the restart may even enable the exploit, so another
> server will take over instead.

And the evidence for this is where?

--
mike c