Dependencies between xinetd and other services

I need a bit of clarification on the relationship between xinetd and
services managed by xinetd. I'm not a Linux expert, so please bear
with me.

If I have sshd managed by xinetd, and I restart xinetd (in order for
changes to take effect, perhaps for another xinetd-managed daemon),
what effect does that have on sshd and existing SSH sessions? If I
understand correctly, xinetd spawns off the sshd process to handle the
inbound SSH connection. This implies that restarting xinetd would only
affect new SSH sessions, and not existing SSH sessions. Is that
correct?

TIA.

--
Scott Lowe

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

In comp.os.linux.networking Scott Lowe <(E-Mail Removed)> suggested:
> I need a bit of clarification on the relationship between xinetd and
> services managed by xinetd. I'm not a Linux expert, so please bear
> with me.

> If I have sshd managed by xinetd, and I restart xinetd (in order for

You don't want to run sshd from (x)inetd.

--
Michael Heiming (GPG-Key ID: 0xEDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBP2lPAkPEju3Se5QRApdkAJ9rRWttH100B7zZ6DkCAK zzP2wYZwCgnZGm
E1WunwmYujwPwUzb2sOvyLE=
=8+03
-----END PGP SIGNATURE-----

Michael Heiming wrote:

> You don't want to run sshd from (x)inetd.

And even existing SSH sessions can survive an sshd restart with ease...

--
J

All your bits are belong to us - again.

On 2004-09-08 16:19:28 -0400, Michael Heiming
<michael+(E-Mail Removed)> said:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> NotDashEscaped: You need GnuPG to verify this message
>
> In comp.os.linux.networking Scott Lowe <(E-Mail Removed)> suggested:
>> I need a bit of clarification on the relationship between xinetd and
>> services managed by xinetd. I'm not a Linux expert, so please bear
>> with me.
>
>> If I have sshd managed by xinetd, and I restart xinetd (in order for
>
> You don't want to run sshd from (x)inetd.

OK. May I ask why? Again, bear with me if that is a obvious question.

--
Scott Lowe

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

In comp.os.linux.networking Scott Lowe <(E-Mail Removed)> suggested:
> On 2004-09-08 16:19:28 -0400, Michael Heiming
> <michael+(E-Mail Removed)> said:
[..]
>> You don't want to run sshd from (x)inetd.

> OK. May I ask why? Again, bear with me if that is a obvious question.

One reason is the startup time, for generating the server key,
which need to be calculated if sshd is started from (x)inetd
and delay your login for no reason.

This and more is documented in the fine manual you might want to
take a look at: man sshd

--
Michael Heiming (GPG-Key ID: 0xEDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBQJXYAkPEju3Se5QRAnbaAKDJ5y5/TAJrNABWlKcnMV8TTAoYNQCfYToM
MwKs+faVXd5+Led17GK61U4=
=eYSO
-----END PGP SIGNATURE-----

On Thu, 09 Sep 2004 17:41:46 +0000, Michael Heiming wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> NotDashEscaped: You need GnuPG to verify this message
>
> In comp.os.linux.networking Scott Lowe <(E-Mail Removed)> suggested:
>> On 2004-09-08 16:19:28 -0400, Michael Heiming
>> <michael+(E-Mail Removed)> said:
> [..]
>>> You don't want to run sshd from (x)inetd.
>
>> OK. May I ask why? Again, bear with me if that is a obvious question.
>
> One reason is the startup time, for generating the server key, which need
> to be calculated if sshd is started from (x)inetd and delay your login for
> no reason.
>
> This and more is documented in the fine manual you might want to take a
> look at: man sshd

And another is that you can, in many cases, dispense with (x)inetd
completely if you run sshd stand alone. This is good for security.

Regards, Ian