sshd via XP Service vs. sshd init daemon

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

sshd via XP Service vs. sshd init daemon

Christopher McIntosh
Cyg-winners:

I have a question that the FAQs do not seem to address.

It is possible to install sshd as an init daemon (via usr/sbin/chkconfig
--add) *and* it is also possible to install sshd as a full-fledged XP
service (via /usr/bin/ssh-host-config).

QUERY:  What are the pros and cons of each method?

IMO, I prefer to have less full-fledged services; then it is simpler to
start several daemons (e.g., xinetd, sshd, ftpd, ...) via a single 'net
start init' or 'cygrunsrv --start init' reducing the number of tasks to
perform for a change in state.

Am I overlooking potential advantages for running as an independent,
full-fledged service?

Thanks to all who share the enlightenment!  :)

Christopher


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Reply | Threaded
Open this post in threaded view
|

Re: sshd via XP Service vs. sshd init daemon

Brian Dessent
Christopher McIntosh wrote:

> QUERY:  What are the pros and cons of each method?
>
> IMO, I prefer to have less full-fledged services; then it is simpler to
> start several daemons (e.g., xinetd, sshd, ftpd, ...) via a single 'net
> start init' or 'cygrunsrv --start init' reducing the number of tasks to
> perform for a change in state.

I know that sshd has support for being run from inetd, but it is very
old, very inefficient, not very well tested, lacks some features, and
is  generally frowned upon.  Remember that a host key has to be
generated each time sshd starts and this can take some time, so doing
that for every connection is just silly.

In the context of Cygwin, it should work as long as sshd runs as SYSTEM
and the permissions on the host keys, config files, /var/empty directory
(etc) are correct.  And I would not expect to ever have both working at
the same time (daemon and inetd) unless you installed a second copy of
sshd into a different --prefix that had its own host keys and everything
else.  I'm not sure why you would ever want this though, or maybe I'm
misinterpreting your question.

In short, stay away from inetd.  That's my advice.  Starting and
stopping is trivial: "for F in sshd cron cygserver; do cygrunsrv -S $F;
done".

Brian

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/