From owner-freebsd-isp Tue Jul 30 0:26:37 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BDEBF37B400 for ; Tue, 30 Jul 2002 00:26:33 -0700 (PDT) Received: from smtp25.singnet.com.sg (smtp25.singnet.com.sg [165.21.101.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7CCE743E4A for ; Tue, 30 Jul 2002 00:26:32 -0700 (PDT) (envelope-from sajari@singnet.com.sg) Received: from singapura.singnet.com.sg (singapura.singnet.com.sg [165.21.10.10]) by smtp25.singnet.com.sg (8.12.3/8.12.2) with ESMTP id g6U7QH51024533; Tue, 30 Jul 2002 15:26:17 +0800 Received: from localhost (sajari@localhost) by singapura.singnet.com.sg (8.8.5/8.7.2) with ESMTP id PAA27994; Tue, 30 Jul 2002 15:25:47 +0800 (SST) X-Authentication-Warning: singapura.singnet.com.sg: sajari owned process doing -bs Date: Tue, 30 Jul 2002 15:25:46 +0800 (SST) From: SaJaRi To: Joe White Cc: freebsd-isp@FreeBSD.ORG Subject: Re: SSHD Lockdown In-Reply-To: <003f01c23702$84a5dd00$0a800a0a@edgehosting.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi there! If the new server is only to be access from 2 other server and do not need an internet access my suggestion is don't do default route and just do static route the the machine u need to to access. So no worry about security. U can add default route as and when required. Cheers! ************************* Sajari Bin Sarkan * SingNet Network Support * ************************* -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.i mQBtAjc9fI4AAAEDAMx6kkJcuhMq9TJEecb3JaiHe6fHRMlaVX/5Om7eCi2xdONO HfVeuTUryabhb7J2mRgKo7z4YWoNxOdNdDtRVaMfD7H18mdV0KYvlR/+9NAgKGxi UEaOYPJsKNHWCAKV1QAFEbQeU2FKYVJpIDxzYWphcmlAc2luZ25ldC5jb20uc2c+ =gG2n -----END PGP PUBLIC KEY BLOCK----- On Mon, 29 Jul 2002, Joe White wrote: > I'm looking for the best way to secure SSHD. I'm creating a new server, where only 2 other boxes should be able to access via SSH, and I was wondering what the best way to allow those 2, and only those 2 boxes to access it. Anything outside of SSHD daemon that could also help? I'm going to implement tcpwrappers as well, but not packet filtering software (ipfw / ipf). Any suggestions would be greatly appreciated. > > Cheers! > Joe White > Edge Networking Solutions > http://www.edgenetworkingsolutions.com > jwhite@EdgeNetworkingSolutions.com > 248.561.2827 > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message