From owner-freebsd-isp  Fri Aug 22 05:17:44 1997
Return-Path: <owner-freebsd-isp>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id FAA05132
          for isp-outgoing; Fri, 22 Aug 1997 05:17:44 -0700 (PDT)
Received: from delenn.fl.net.au (root@delenn.fl.net.au [203.22.184.6])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id FAA05127
          for <isp@freebsd.org>; Fri, 22 Aug 1997 05:17:41 -0700 (PDT)
Received: from hari.fl.net.au (adf@hari.fl.net.au [203.22.184.25]) by delenn.fl.net.au (2.0/fl) with SMTP id WAA22463; Fri, 22 Aug 1997 22:16:57 +1000 (EST)
Message-Id: <199708221216.WAA22463@delenn.fl.net.au>
From: "Andrew Foster" <adflists@fl.net.au>
To: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
Cc: <isp@freebsd.org>
Subject: Re: Remote Administration
Date: Fri, 22 Aug 1997 22:15:46 +1000
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.71.1008.3
X-MimeOLE: Produced By Microsoft MimeOLE Engine V4.71.1008.3
Sender: owner-freebsd-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

 >> >  I am setting up an ISP server running FreeBSD and would like to deny
all
>> > shell access to my server but keep myself a way to get into the server
for
>> > remote administration. Any ideas on the best way to accomplish this?
>> Two ways.. either attach a modem to the box itself and dial-in to the
>> server, or (using tcp/ip_wrappers) only allow access from certain boxes,
>> ie your desktop.
>
>You should also consider installing ipfw into your kernel, and blocking
>access to port 22 (ssh) from untrusted places.

ssh can also use hosts.deny/hosts.allow for access as well.

Regards,
Andrew Foster