From owner-freebsd-questions@FreeBSD.ORG  Thu May  8 00:04:06 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8BACF37B401
	for <questions@freebsd.org>; Thu,  8 May 2003 00:04:06 -0700 (PDT)
Received: from 12-229-238-38.client.attbi.com
	(evrtwa1-ar10-4-40-155-207.evrtwa1.dsl-verizon.net [4.40.155.207])
	by mx1.FreeBSD.org (Postfix) with SMTP id B088743F75
	for <questions@freebsd.org>; Thu,  8 May 2003 00:04:01 -0700 (PDT)
	(envelope-from ryallsd@datasphereweb.com)
Received: (qmail 421 invoked from network); 8 May 2003 07:03:59 -0000
Received: from unknown (HELO bartxp) (192.168.0.2)
  by 192.168.0.1 with SMTP; 8 May 2003 07:03:59 -0000
From: "Derrick Ryalls" <ryallsd@datasphereweb.com>
To: "'Daniela'" <dgw@liwest.at>, <questions@freebsd.org>
Date: Thu, 8 May 2003 00:03:50 -0700
Message-ID: <001601c3152f$fa693170$0200a8c0@bartxp>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
In-Reply-To: <200305072233.30197.dgw@liwest.at>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Subject: RE: Why is port 22 open by default?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 May 2003 07:04:06 -0000

> On Wednesday 07 May 2003 20:03, Brad Lisoweski wrote:
> > Would you rather have telnet open?
> >
> > IMHO, SSH is secure, and is fine to be open by default.  If you are=20
> > paranoid, compile ipfilter or ipfw into your kernel and=20
> block access=20
> > to port 22.
>=20
> Thanks for your reply.
>=20
> I run a shell server, so I need SSH.=20
> I'm still relatively new to all this, so I figured if it is=20
> open by default,=20
> it must be secure.
> Before I thought that easily exploitable holes are regularly=20
> discovered in=20
> SSH.
>=20

I too am a security freak, so I limit what ips can ssh to my machines.
Read the man pages for your firewall, or do it the really simple way and
use /etc/hosts.allow:

sshd : 192.168.1. : allow
sshd : trusted.com : allow
sshd : all : deny