From owner-freebsd-isp  Thu Aug 21 09:03:07 1997
Return-Path: <owner-freebsd-isp>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id JAA29767
          for isp-outgoing; Thu, 21 Aug 1997 09:03:07 -0700 (PDT)
Received: from onyx.atipa.com (user24779@ns.atipa.com [208.128.22.10])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id JAA29751
          for <freebsd-isp@FreeBSD.ORG>; Thu, 21 Aug 1997 09:02:58 -0700 (PDT)
Received: (qmail-queue invoked by uid 1018); 21 Aug 1997 16:05:46 -0000
Date: Thu, 21 Aug 1997 10:05:46 -0600 (MDT)
From: Atipa <freebsd@atipa.com>
X-Sender: freebsd@dot.ishiboo.com
To: John Brown <jbrown@vafibre.com>
cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Remote Administration
In-Reply-To: <199708211451.000005B1@intra.vafibre.com>
Message-ID: <Pine.BSF.3.91.970821095953.24648A-100000@dot.ishiboo.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk



On Thu, 21 Aug 1997, John Brown wrote:

>  I am setting up an ISP server running FreeBSD and would like to deny all
> shell access to my server but keep myself a way to get into the server for
> remote administration. Any ideas on the best way to accomplish this?
> 
> Thanks

You can use a TCP wrapper and only allow a login (I'd recommend SSH or 
stel) from a restricted set of hosts with a /etc/hosts.allow file:

sshd:    aaa.bbb.ccc.ddd -and/or- trusted.name.com

telnetd: aaa.bbb.ccc.ddd -and/or- trusted.name.com


Kevin