From owner-freebsd-questions  Fri Jul 30  2:26:43 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from forty-two.egroups.net (teapot.findmail.com [206.16.70.98])
	by hub.freebsd.org (Postfix) with ESMTP id 97E4A14D31
	for <freebsd-questions@FreeBSD.ORG>; Fri, 30 Jul 1999 02:26:36 -0700 (PDT)
	(envelope-from gsutter@forty-two.egroups.net)
Received: (from gsutter@localhost)
	by forty-two.egroups.net (8.9.3/8.9.2) id CAA60473;
	Fri, 30 Jul 1999 02:26:23 -0700 (PDT)
	(envelope-from gsutter)
Date: Fri, 30 Jul 1999 02:26:22 -0700
From: Gregory Sutter <gsutter@pobox.com>
To: paz <paz@apriori.net>
Cc: Blake Freeburg <blakef@mrdata.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: web-based mail software
Message-ID: <19990730022622.A391@forty-two.egroups.net>
References: <199907291915.OAA98829@mrdata.com> <Pine.BSF.4.10.9907292356330.11954-100000@gw.apriori.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <Pine.BSF.4.10.9907292356330.11954-100000@gw.apriori.net>; from paz on Fri, Jul 30, 1999 at 12:09:31AM -0400
Organization: Zer0
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, Jul 30, 1999 at 12:09:31AM -0400, paz wrote:
> 
> BTW, I'm aware of some of the issues regarding security and web-mail
> interface software. I'm willing to risk it for the convenience of
> accessing my mail remotely. I doubt that I would be able to telnet back
> into my server while I'm at work or away from home that much longer,
> considering the trend for employers to install more and more stiff
> firewalls - often barring telnet entirely. It would be wise for a FreeBSD
> port of IMP (for example) to include a rudimentary warning to the unwary.

You should be using ssh (/usr/ports/security/ssh), not telnet.  A neat 
trick you can then play is to find out what ports are open on your
firewall and set up sshd to use one of those.  You can then give the -P 
and/or -p options to ssh and gain access to your box.

From ssh(1):

       -p port
              Port to connect to on the remote host.  This can be
              specified  on a per-host basis in the configuration
              file.

       -P     Use non privileged port. With this you  cannot  use
              rhosts  or rsarhosts authentications, but it can be
              used to bypass some firewalls that dont allow priv-
              ileged source ports to pass.

Greg
-- 
Gregory S. Sutter                 Bureaucrats cut red tape -- lengthwise.
mailto:gsutter@pobox.com
http://www.pobox.com/~gsutter/
PGP DSS public key 0x40AE3052


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message