From owner-freebsd-isp  Thu Aug 21 09:03:57 1997
Return-Path: <owner-freebsd-isp>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id JAA29841
          for isp-outgoing; Thu, 21 Aug 1997 09:03:57 -0700 (PDT)
Received: from uhf.wdc.net (uhf.wdc.net [198.147.74.44])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA29823
          for <freebsd-isp@FreeBSD.ORG>; Thu, 21 Aug 1997 09:03:50 -0700 (PDT)
Received: from localhost (bad@localhost) by uhf.wdc.net (8.8.7/8.6.12) with SMTP id MAA00836; Thu, 21 Aug 1997 12:08:25 -0400 (EDT)
Date: Thu, 21 Aug 1997 12:08:24 -0400 (EDT)
From: Bernie Doehner <bad@uhf.wireless.net>
X-Sender: bad@uhf.wdc.net
To: John Brown <jbrown@vafibre.com>
cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Remote Administration
In-Reply-To: <199708211451.000005B1@intra.vafibre.com>
Message-ID: <Pine.BSF.3.95.970821120649.739A-100000@uhf.wdc.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


>  I am setting up an ISP server running FreeBSD and would like to deny all
> shell access to my server but keep myself a way to get into the server for
> remote administration. Any ideas on the best way to accomplish this?
> 
> Thanks
> 

Set up /etc/inetd.conf to deny all tcp services that you don't need,
compile and install sshd with IDEA encryption and compression, add your
account to /etc/login.access, add your account to group wheel, or sudoers
and away you go.

Bernie