Dave wrote:

Hi. Sorry ... <snip>

Hello, and welcome.  And I made it a bit shorter ;-)

> I'd like to:-
> Have an ssh login via LAN available, I believe that's a standard feature, but I expressly disabled that (well, told it not to implement it) when I originally installed the OS. Or have a VNC server running.

As someone mentioned:
   sshd_enable="YES"
in /etc/rc.conf.  You can then either a] reboot, or b] issue the
following with root privileges:
   /etc/rc.d/sshd start

> Have a small web server, again I've read that Apache can do a good job, but I don't want (nor need) all its facilities, in particular I need to lock it down so no "PUTs" can happen for a start! The web pages are simple flat form, text and static graphics, with a little client side scripting, purely to find the client's local date and time, to select the graphic to serve.

I believe Beech had some advice on this.  It's probably pretty good :-)

> Have an FTP server, so I can automate some of the web page graphics updates, from other systems that generate the data, and can FTP files across the LAN, also of course for general web page maintenance needs.

The base system ftpd is run from inetd, a "super server" which can serve
several small protocols.  Have a look at /etc/inetd.conf.  The first "real" 
line:

#ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l

   Uncomment that (remove the 'hash'), and save it (you'll have to be root
again, of course).

See if inetd is running:

$ pgrep inetd

If you get a number(PID), it's running.  Otherwise, you'll probably need
to enable it.  Again, you need:
  inetd_enable="YES"
in /etc/rc.conf.  Add the line and either a] reboot, or b] issue the
following with root privileges:
   /etc/rc.d/inetd start

Sound familiar?

*IF* inetd was *already running*, all you should have to do is issue:

$ kill -HUP `pgrep inetd`

> It'd be nice to have a VPN endpoint, but not essential, as that is currently living on another W2k box. But in the long term perhaps. The only complication with that, is I need to be able to tunnel a UDP VoIP stream over/through it. (I currently use Hamachi on Windows for that, it works well.) Also, the "other end" needs to live on a XP (or later) Laptop.

I'll leave vpn to someone more knowledgeable in that area.  AFAIK you'll
have to install a port; /usr/ports/security/openvpn is likely the canonical
program, but, as I say, seek other advice on that fo' shizzle ;-)

> I would prefer to have FTP logins that are in no way related to any system login users.

I can't help with that either; check the docs on Beech's suggestions,
perhaps.

> Lastly, I have everything so far (on the Win2k box) working well with highly non standard (high numbered) ports. Even though it's "exposed" (via port forwarding in the router) to the outside, there is next to no "noise", (script kiddies, chinese hackers etc) poking around my back passage.

> Of all the stuff I've read so far in the FreeBSD handbook, and a few other places, not one mention is made (that I can see so far) of how to set services for alternative port numbers?

That's generally in the configuration file for the server.  This information
might be available in the manpage, if one exists.

For example:

$ man sshd | col -bx > ~/sshd.txt
$ grep -c port ~/sshd.txt
22

So, there's at least 22 mentions of "port" in the sshd manpage.
As it turns out, there's a line in /etc/ssh/sshd_config that gives
it right away:

$ grep -i port /etc/ssh/sshd_config
#Port 22
# Disable legacy (protocol version 1) support in the server for new
#GatewayPorts no

So, remove the comment from the "Port 22" line, change the number
from the default 22 (222, perhaps, for memory's sake?) and either a]
reboot, or b] "kill -HUP `pgrep sshd`"   (sounding REAL familiar now).

Incidentally, one might suggest that running on non-standard ports
is merely security by obscurity.  In the case of sshd, at least, a
better solution might be to only allow key-based authentication; but,
as I said, that's just a suggestion.  I have done such things myself
a time or two ... I kinda think I just delayed the inevitable in that
case, though.

> Lastly, as I don't want to break the existing NTP server, I may find another PC of similar spec, to mess with, with some sort of impunity.

Well, as I mention, often you can enable and start these additional
services from the base system with little or no interruption to extant
services at all (which, IMHO, is exactly as a Real Server should work,
take that, M$).  But I suppose we'd certainly understand.  You might
even just get a Live-CD distribution and dink around with that.  AFAIK,
you could run ftpd, inetd, and sshd temporarily on those just to get
a feel for how to administer them.

My $0.02,

Kevin D. Kinsey
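An added example, not part of Kevin's mail or of FreeBSD itself, that turns the checks above into a few sh functions: reading the effective Port from an sshd_config (22 when every Port line is still commented out, as in the grep output above), reporting whether password logins are still accepted (the point behind the key-based authentication suggestion), and uncommenting the ftp entry in an inetd.conf without touching the original file. The sample config files are constructed inline for the demonstration; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): helper functions for the
# sshd_config and inetd.conf edits discussed above, run against constructed
# sample files so it can be tried without touching /etc.

# Print the active Port directive(s) in an sshd_config.  Commented lines
# ("#Port 22") have "#Port" as their first field, so they are skipped;
# with no active Port line sshd listens on 22, so that is the default here.
effective_sshd_port() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    if [ -z "$ports" ]; then
        echo 22
    else
        echo "$ports"
    fi
}

# Report "yes"/"no" for PasswordAuthentication.  sshd takes the first
# occurrence of a keyword, and the compiled-in default is yes, so key-only
# login needs an explicit uncommented "PasswordAuthentication no".
password_auth_enabled() {
    v=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$1")
    if [ -z "$v" ]; then
        echo yes
    else
        echo "$v"
    fi
}

# Uncomment the inetd.conf entry for one service (e.g. "ftp") and write the
# result to a new file, leaving the source untouched.  Returns 1 when no
# commented entry for that service exists, so a typo does not silently
# produce an unchanged copy.
enable_inetd_service() {
    svc=$1; src=$2; dst=$3
    grep -q "^#${svc}[[:space:]]" "$src" || return 1
    sed "s/^#${svc}\([[:space:]]\)/${svc}\1/" "$src" > "$dst"
}

# --- constructed sample files (not real system configs) ---
SAMPLE_DIR=$(mktemp -d)

cat > "$SAMPLE_DIR/sshd_config.default" <<'EOF'
#Port 22
#AddressFamily any
#PasswordAuthentication yes
# Disable legacy (protocol version 1) support in the server for new
#GatewayPorts no
EOF

cat > "$SAMPLE_DIR/sshd_config.hardened" <<'EOF'
Port 222
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF

cat > "$SAMPLE_DIR/inetd.conf" <<'EOF'
# constructed excerpt in the format of /etc/inetd.conf
#ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
#telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
EOF

# Demonstration output when run stand-alone.
echo "default sshd port:    $(effective_sshd_port "$SAMPLE_DIR/sshd_config.default")"
echo "hardened sshd port:   $(effective_sshd_port "$SAMPLE_DIR/sshd_config.hardened")"
echo "default password auth:  $(password_auth_enabled "$SAMPLE_DIR/sshd_config.default")"
echo "hardened password auth: $(password_auth_enabled "$SAMPLE_DIR/sshd_config.hardened")"
if enable_inetd_service ftp "$SAMPLE_DIR/inetd.conf" "$SAMPLE_DIR/inetd.conf.new"; then
    echo "ftp entry enabled in $SAMPLE_DIR/inetd.conf.new:"
    grep '^ftp' "$SAMPLE_DIR/inetd.conf.new"
fi
```

After an edit like the one enable_inetd_service writes out, the daemon still has to re-read its file, which is the `kill -HUP` step from the mail; the functions only prepare and verify the text.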
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
