Date:      Thu, 21 Aug 1997 08:49:14 -0700 (PDT)
From:      "Mel Lester Jr." <meljr@connet80.com>
To:        John Brown <jbrown@vafibre.com>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: Remote Administration
Message-ID:  <Pine.BSF.3.91.970821083930.1271B-100000@connet80.com>
In-Reply-To: <199708211451.000005B1@intra.vafibre.com>

On Thu, 21 Aug 1997, John Brown wrote:

>  I am setting up an ISP server running FreeBSD and would like to deny all
> shell access to my server but keep myself a way to get into the server for
> remote administration. Any ideas on the best way to accomplish this?

A combination of two strategies comes to mind.  The easiest is to set any
entry in the /etc/passwd file that you want restricted to not have a
working shell.  For example, instead of /usr/bin/bash or some other shell,
use /usr/bin/true to essentially eliminate shell access for these
accounts.  The users can still send and receive e-mail, use FTP to
maintain web pages, but can't log in over dial-up or telnet.

For further security, TCP wrappers are easy to use. See the August 1997 
issue of the Linux Journal (FreeBSD needs a similar publication IMHO) for 
a nice cookbook example of how to further restrict access to "trusted" hosts.

-mel
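
An added example, not part of the original message: a shell function that audits a passwd(5)-format file for accounts that still have a working shell after the /usr/bin/true change described above. The account names, the admin allowlist and the list of non-login shells are constructed assumptions.

```shell
#!/bin/sh
# Added example: report which accounts in a passwd(5)-format file still
# have a working login shell. All sample data below is constructed.

# Shells treated as "no shell access" (assumption: adjust for your site).
NOSHELLS="/usr/bin/true /usr/bin/false /sbin/nologin /usr/sbin/nologin"

# audit_passwd FILE "admin1 admin2 ..."   (FILE may be "-" for stdin)
# Prints "user shell status" per account; status is one of
#   restricted - shell is in NOSHELLS
#   admin      - working shell, account is on the allowlist
#   REVIEW     - working shell, account is NOT on the allowlist
audit_passwd() {
    awk -F: -v noshells="$NOSHELLS" -v admins="$2" '
        BEGIN {
            n = split(noshells, a, " "); for (i = 1; i <= n; i++) deny[a[i]] = 1
            n = split(admins, b, " ");   for (i = 1; i <= n; i++) ok[b[i]] = 1
        }
        /^#/ || NF < 7 { next }          # skip comments and malformed lines
        {
            shell = $7
            if (shell == "") shell = "/bin/sh"   # empty field = default shell
            if (shell in deny)  status = "restricted"
            else if ($1 in ok)  status = "admin"
            else                status = "REVIEW"
            print $1, shell, status
        }' "${1:--}"
}

# Constructed sample in passwd(5) format (not from the original message).
sample_passwd() {
    cat <<'EOF'
# constructed sample
root:*:0:0:Superuser:/root:/bin/csh
jbrown:*:1001:1001:Admin:/home/jbrown:/usr/bin/bash
alice:*:1002:1002:Customer:/home/alice:/usr/bin/true
bob:*:1003:1003:Customer:/home/bob:/usr/bin/bash
carol:*:1004:1004:Customer:/home/carol:
EOF
}

# Audit the sample, treating root and jbrown as the permitted admins.
run_demo() {
    sample_passwd | audit_passwd - "root jbrown"
}

run_demo
```

FreeBSD's ftpd(8) only accepts users whose shell is returned by getusershell(3), i.e. listed in /etc/shells, so the replacement shell has to be listed there for FTP to keep working.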




