> I've followed your instructions and I had to change > some commands. > > THEN EDIT THE SSHD CONFIG > I had this idea: have standard port no. 22 for trusted > LAN and a non-standard port for untrusted WAN (e.g > Internet). I read the man documentation and I changed > /etc/ssh/sshd_config by adding these three lines: > > # additional SSH port > Port xyz > ListenAddress aa.bb.cc.dd > > ...where aa.bb.cc.dd is a LAN IP >
Yup you can do that too. > > pkill didn't work on my pfSense. I had to use: > What version of pfS are you using? I have the latest 1.2 SNAP-7-21 loaded and pkill is in that build. Not sure if it "just" made it's way in recently or if it has been there. I'd assume that it has been there as it is a pretty common *NIX util/app. > The main problem I've seen while I was trying this > customization on the pfSense test machine is that > What I have to modify to make those changes permanent? Changes to this file are overwritten on every reboot or change to the Advanced settings page w/ a save. I suspect this will not be addressed in future releases as this is a one-off request and really has no real applicability ... IMHO. Remember this can all be accomplished by "rules". > An additional access to the pfSense machine from WAN > poses a security risk, especially if not well > configured, but I've the need to have an additional > way to manage the pfSense machine even if all PCs in > network are shutdown. > > Do you mean the following lines in sshd_config? No, follow the instructions on public_key authentication ... a good source is PuTTY's site. > In this case the problem seems to be these settings > are inherited by the ssh LAN port, too. Yes it does .... that is by daemon design ... don't know of a way around that. > It would be useful to have two config files You'd have to run dual daemons in that case, one for LAN and one for WAN ... I don't see that happening. > Thank you for your support! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
