Bug#512209: Please don't touch sshd from interfaces-up
Peter Palfrader <email@example.com> writes:
> Yes, I read that. I don't think this would ever be a problem unless you
> explicitly listen only on a specific address, and then I'd think that
> sshd wouldn't even start so the reload couldn't have been a fix for
> that. Unless of course you listen on more than one specific address at
> least one of which is available when sshd starts. Still, why you would
> do this rather than listen on * as is the default is beyond me.
Often one doesn't want to listen on particular addresses that are
attached to dangerous subnets.

Restarting, in any case, is generally the safest and cleanest thing to
do with security-critical software in case of reconfiguration. It
backstops all sorts of possible problems.

Perry E. Metzger firstname.lastname@example.org