From owner-freebsd-isp  Thu Aug 21 09:45:25 1997
Return-Path: <owner-freebsd-isp>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id JAA02778
          for isp-outgoing; Thu, 21 Aug 1997 09:45:25 -0700 (PDT)
Received: from horst.bfd.com (horst.bfd.com [204.160.242.10])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA02773
          for <freebsd-isp@FreeBSD.ORG>; Thu, 21 Aug 1997 09:45:22 -0700 (PDT)
Received: from harlie.bfd.com (bastion.bfd.com [204.160.242.14]) by horst.bfd.com (8.8.5/8.7.3) with SMTP id JAA15224; Thu, 21 Aug 1997 09:45:12 -0700 (PDT)
Date: Thu, 21 Aug 1997 09:45:12 -0700 (PDT)
From: "Eric J. Schwertfeger" <ejs@bfd.com>
To: Stefan Molnar <stefan@exis.net>
cc: John Brown <jbrown@vafibre.com>, freebsd-isp@FreeBSD.ORG
Subject: Re: Remote Administration
In-Reply-To: <Pine.LNX.3.95.970821113854.30636A-100000@sailfish.exis.net>
Message-ID: <Pine.BSF.3.95.970821094232.10149A-100000@harlie.bfd.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk



On Thu, 21 Aug 1997, Stefan Molnar wrote:

> 
> >  I am setting up an ISP server running FreeBSD and would like to deny all
> > shell access to my server but keep myself a way to get into the server for
> > remote administration. Any ideas on the best way to accomplish this?
> 
> You could make a special port ready that will give a login besides the
> standard telnet port.  So when you want to get in just 
> telnet hostname 9452  But if someone strobes the system then it would be
> found.  Also you can setup your machine to only accect telnets from a 
> set of hosts and use another machine of yours to login from.

Actually, I'd suggest installing ssh, and I *THINK* you can disable all
telnet and rcmd stuff, and ssh has pretty good access control.