Re: Custom Reload command/signal in upstart
On Aug 23, 2013, at 8:45 PM, James McCoy <jamessan@debian.org> wrote:
>
>> On Fri, Aug 23, 2013 at 04:42:15PM -0400, John Paul Adrian Glaubitz wrote:
>> Imagine there is a vulnerability in SSH which has not been fixed
>> yet for whatever reason. Having SSH run in this situation all the
>> time would make the machine a target for possible attacks.
>
> If all I have to do is make a connection to port 22 to start the
> service, which would happen as part of an attack anyway, then there's no
> added security provided by socket activation.

True. But you could have SSH listen on a different port to avoid such an attack, couldn't you?

Also, I remember there was a 'knockd', which would open the port for SSH when you send a certain sequence of packets to the host.

Cheers,
Adrian