From: "Derrick Ryalls"
To: "'Daniela'"
Date: Thu, 8 May 2003 00:03:50 -0700
Message-ID: <001601c3152f$fa693170$0200a8c0@bartxp>
In-Reply-To: <200305072233.30197.dgw@liwest.at>
Subject: RE: Why is port 22 open by default?
List-Id: User questions

> On Wednesday 07 May 2003 20:03, Brad Lisoweski wrote:
> > Would you rather have telnet open?
> >
> > IMHO, SSH is secure, and is fine to be open by default. If you are
> > paranoid, compile ipfilter or ipfw into your kernel and block access
> > to port 22.
>
> Thanks for your reply.
>
> I run a shell server, so I need SSH.
> I'm still relatively new to all this, so I figured if it is open by default,
> it must be secure.
> Before I thought that easily exploitable holes are regularly discovered in
> SSH.
>

I too am a security freak, so I limit what IPs can ssh to my machines.
Read the man pages for your firewall, or do it the really simple way and
use /etc/hosts.allow:

sshd : 192.168.1. : allow
sshd : trusted.com : allow
sshd : all : deny
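Added example, not part of the original message: a simplified Python model of how tcp_wrappers reads the three rules above (first match wins; no match means access is granted). The client addresses and host names are constructed, and the matcher is an assumption-level subset of hosts_access(5), not libwrap.

```python
# Simplified model of hosts_access(5) evaluation; not libwrap itself.
# Covers only: ALL, ".domain" suffix, "a.b.c." address prefix, exact name/address.

RULES = """\
sshd : 192.168.1. : allow
sshd : trusted.com : allow
sshd : all : deny
"""  # the three rules from the message

def parse(text):
    """Return [(daemons, clients, action)] from 'daemon : client : option' lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients, action = [f.strip() for f in line.split(":", 2)]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split(), action.lower()))
    return rules

def client_matches(pattern, addr, host):
    p = pattern.lower()
    if p == "all":
        return True
    if p.startswith("."):             # domain suffix, e.g. .trusted.com
        return host.lower().endswith(p)
    if p.endswith("."):               # address prefix, e.g. 192.168.1.
        return addr.startswith(p)
    return p in (addr, host.lower())  # exact host name or address only

def decide(rules, daemon, addr, host=""):
    """First matching rule wins; with no matching rule, access is granted."""
    for daemons, clients, action in rules:
        if not any(d.lower() in ("all", daemon) for d in daemons):
            continue
        if any(client_matches(c, addr, host) for c in clients):
            return action
    return "allow"

if __name__ == "__main__":
    rules = parse(RULES)
    # Constructed clients: (daemon, address, reverse-resolved host name)
    for daemon, addr, host in [("sshd", "192.168.1.20", ""),
                               ("sshd", "192.168.10.20", ""),
                               ("sshd", "203.0.113.7", "trusted.com"),
                               ("sshd", "203.0.113.8", "shell.trusted.com"),
                               ("ftpd", "198.51.100.9", "")]:
        print(daemon, addr, host or "-", "->", decide(rules, daemon, addr, host))
```

Two things the output makes visible: `trusted.com` without a leading dot matches only that exact host name, and the `sshd` rules say nothing about other wrapped services, which fall through to the default.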