Dave wrote:
> Hi. Sorry ... <snip>
Hello, and welcome. And I made it a bit shorter ;-)
> I'd like to:-
> Have an ssh login via LAN available, I believe that's a standard feature,
> but I expressly disabled that (well, told it not to implement it) when
> I originally installed the OS. Or have a VNC server running.
As someone mentioned:
sshd_enable="YES"
in /etc/rc.conf. You can then either a] reboot, or b] issue the
following with root privileges:
/etc/rc.d/sshd start
> Have a small web server, again I've read that Apache can do a good job,
> but I don't want (nor need) all its facilities, in particular I need to
> lock it down so no PUTs can happen for a start! The web pages are
> simple flat form, text and static graphics, with a little client side
> scripting, purely to find the client's local date and time, to select the
> graphic to serve.
I believe Beech had some advice on this. It's probably pretty good :-)
> Have an FTP server, so I can automate some of the web page graphics
> updates, from other systems that generate the data, and can FTP files
> across the LAN, also of course for general web page maintenance needs.
The base system ftpd is run from inetd, a "super server" which can serve
several small protocols. Have a look at /etc/inetd.conf. The first "real"
line:
#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
Uncomment that (remove the 'hash'), and save it (you'll have to be root
again, of course).
See if inetd is running:
$ pgrep inetd
If you get a number (PID), it's running. Otherwise, you'll probably need
to enable it. Again, you need:
inetd_enable="YES"
in /etc/rc.conf. Add the line and either a] reboot, or b] issue the
following with root privileges:
/etc/rc.d/inetd start
Sound familiar?
*IF* inetd was *already running*, all you should have to do is issue:
$ kill -HUP `pgrep inetd`
> It'd be nice to have a VPN endpoint, but not essential, as that is
> currently living on another W2k box. But in the long term perhaps. The
> only complication with that, is I need to be able to tunnel a UDP VoIP
> stream over/through it. (I currently use Hamachi on Windows for that, it
> works well.) Also, the "other end" needs to live on an XP (or later)
> Laptop.
I'll leave vpn to someone more knowledgeable in that area. AFAIK you'll
have to install a port; /usr/ports/security/openvpn is likely the canonical
program, but, as I say, seek other advice on that fo' shizzle ;-)
> I would prefer to
> have FTP logins that are in no way related to any system login users.
I can't help with that either; check the docs on Beech's suggestions,
perhaps.
> Lastly, I have everything so far (on the Win2k box) working well with
> highly non standard (high numbered) ports. Even though it's "exposed"
> (via port forwarding in the router) to the outside, there is next to no
> "noise" (script kiddies, Chinese hackers etc.) poking around my back
> passage.
> Of all the stuff I've read so far in the FreeBSD handbook, and a few
> other places, not one mention is made (that I can see so far) of how to
> set services for alternative port numbers?
That's generally in the configuration file for the server. This information
might be available in the manpage, if one exists.
For example:
$ man sshd | col -bx > ~/sshd.txt
$ grep -c port ~/sshd.txt
22
So, there's at least 22 mentions of "port" in the sshd manpage.
As it turns out, there's a line in /etc/ssh/sshd_config that gives
it right away:
$ grep -i port /etc/ssh/sshd_config
#Port 22
# Disable legacy (protocol version 1) support in the server for new
#GatewayPorts no
So, remove the comment from the "Port 22" line, change the number
from the default 22 (222, perhaps, for memory's sake?) and either a]
reboot, or b] "kill -HUP `pgrep sshd`" (sounding REAL familiar now).
Incidentally, one might suggest that running on non-standard ports
is merely security by obscurity. In the case of sshd, at least, a
better solution might be to only allow key-based authentication; but,
as I said, that's just a suggestion. I have done such things myself
a time or two ... I kinda think I just delayed the inevitable in that
case, though.
> Lastly, as I don't want to break the existing NTP server, I may find
> another PC of similar spec, to mess with, with some sort of impunity.
Well, as I mention, often you can enable and start these additional
services from the base system with little or no interruption to extant
services at all (which, IMHO, is exactly as a Real Server should work,
take that, M$). But I suppose we'd certainly understand. You might
even just get a Live-CD distribution and dink around with that. AFAIK,
you could run ftpd, inetd, and sshd temporarily on those just to get
a feel for how to administer them.
My $0.02,
Kevin D. Kinsey
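An added example, not part of the thread above, that follows up Kevin's two sshd points: a small POSIX shell script that reads the effective Port, PasswordAuthentication and PubkeyAuthentication values from an sshd_config the way sshd reads them (comment lines ignored, first uncommented match wins) and prints a one-line summary, so a still-commented "#Port" line or a still-enabled password login is noticed before the HUP. The two sample configs are constructed for the example, and sshd_effective / sshd_audit are names chosen here, not FreeBSD tools.

```shell
# Read the effective value of an sshd_config keyword the way sshd reads it:
# comment and blank lines are ignored, keywords are case-insensitive, and
# the first uncommented match wins (sshd does accept several Port lines;
# this reports only the first one).
# Usage: sshd_effective <config-file> <keyword> <default-if-unset>
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == key && !found { print $2; found = 1 }
        END { if (!found) print def }
    ' "$1"
}

# Summarise the two things the thread discusses: the listening port (a
# high port is obscurity, not hardening) and whether password logins are
# still accepted (key-only authentication is the real improvement).
# Prints: port=<n> password_auth=<yes|no> pubkey_auth=<yes|no>
sshd_audit() {
    printf 'port=%s password_auth=%s pubkey_auth=%s\n' \
        "$(sshd_effective "$1" Port 22)" \
        "$(sshd_effective "$1" PasswordAuthentication yes)" \
        "$(sshd_effective "$1" PubkeyAuthentication yes)"
}

# Constructed sample configs (hypothetical, not a real machine's files).
CFG_BEFORE=$(mktemp "${TMPDIR:-/tmp}/sshdcfg.XXXXXX")
CFG_AFTER=$(mktemp "${TMPDIR:-/tmp}/sshdcfg.XXXXXX")
trap 'rm -f "$CFG_BEFORE" "$CFG_AFTER"' EXIT

# "Before": the admin changed the number but left the '#', so the line is
# still a comment, sshd stays on 22, and password logins stay on (default).
cat > "$CFG_BEFORE" <<'EOF'
#Port 222
#GatewayPorts no
EOF

# "After": the port really moved, and password authentication is off.
cat > "$CFG_AFTER" <<'EOF'
Port 222
PubkeyAuthentication yes
PasswordAuthentication no
EOF

sshd_audit "$CFG_BEFORE"   # port=22 password_auth=yes pubkey_auth=yes
sshd_audit "$CFG_AFTER"    # port=222 password_auth=no pubkey_auth=yes
```

Point it at the real file with sshd_audit /etc/ssh/sshd_config after editing and again after the HUP to confirm the change actually took.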
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"