From owner-freebsd-isp  Thu Aug 21 16:05:52 1997
Return-Path: <owner-freebsd-isp>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id QAA25810
          for isp-outgoing; Thu, 21 Aug 1997 16:05:52 -0700 (PDT)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA25803
          for <freebsd-isp@FreeBSD.ORG>; Thu, 21 Aug 1997 16:05:44 -0700 (PDT)
Received: (from danny@localhost)
	by panda.hilink.com.au (8.8.5/8.8.5) id JAA20656;
	Fri, 22 Aug 1997 09:05:28 +1000 (EST)
Date: Fri, 22 Aug 1997 09:05:27 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: John Brown <jbrown@vafibre.com>
cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Remote Administration
In-Reply-To: <199708211451.000005B1@intra.vafibre.com>
Message-ID: <Pine.BSF.3.91.970822090407.308F-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 21 Aug 1997, John Brown wrote:

>  I am setting up an ISP server running FreeBSD and would like to deny all
> shell access to my server but keep myself a way to get into the server for
> remote administration. Any ideas on the best way to accomplish this?

Disable telnet, rlogin, rexec, rsh services in /etc/inetd.conf, and 
install ssh (cd /usr/ports/security/ssh; make ; make install)

In practice, of course, you'll want to install ssh before you disable 
telnet :-)

Danny