On Sat, Apr 26, 2014 at 1:01 PM, Darren Tucker <dtucker@xxxxxxxxxx> wrote:
> On Sat, Apr 26, 2014 at 12:14 PM, Nico Kadel-Garcia <nkadel@xxxxxxxxx>
> wrote:
>>
>> Isn't it significantly more efficient to allow sshd to do its own
>> forks, rather than doing 'ssd -D'
>
>
> sshd -i

Good point, yes.

>> and having one new daemon running
>> for every connection?
>
>
> In the common case, probably not, since sshd re-execs itself on each
> connection (using a lot of code originally for -i) to provide randomization
> of the runtime environment (ASLR and such). Protocol 1 connections will need
> to generate an ephemeral server key so they'll probably be noticeably
> slower.

Has anyone actually using this approach, with or without tcp_wrappers,
gathered any statistics for the current release?

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev