> I've followed your instructions and I had to
change
> some commands.
> 
> THEN EDIT THE SSHD CONFIG
> I had this idea: have standard port no. 22 for
trusted
> LAN and a non-standard port for untrusted WAN
(e.g
> Internet). I read the man documentation and I
changed
> /etc/ssh/sshd_config by adding these three
lines:
> 
> # additional SSH port
> Port xyz
> ListenAddress aa.bb.cc.dd  
> 
> ...where aa.bb.cc.dd is a LAN IP
>

Yup you can do that too.
 
>
> pkill didn't work on my pfSense. I had to use:
> 

What version of pfS are you using?  I have the
latest 1.2 SNAP-7-21 loaded and pkill is in that
build.  Not sure if it "just" made it's way in
recently or if it has been there.  I'd assume that
it has been there as it is a pretty common *NIX
util/app.

> The main problem I've seen while I was trying
this
> customization on the pfSense test machine is
that
> What I have to modify to make those changes
permanent?

Changes to this file are overwritten on every
reboot or change to the Advanced settings page w/
a save.  I suspect this will not be addressed in
future releases as this is a one-off request and
really has no real applicability ... IMHO. 
Remember this can all be accomplished by "rules".

> An additional access to the pfSense machine from
WAN
> poses a security risk, especially if not well
> configured, but I've the need to have an
additional
> way to manage the pfSense machine even if all
PCs in
> network are shutdown.
> 
> Do you mean the following lines in sshd_config?

No, follow the instructions on public_key
authentication ... a good source is PuTTY's site.

> In this case the problem seems to be these
settings
> are inherited by the ssh LAN port, too.

Yes it does .... that is by daemon design ...
don't know of a way around that.

> It would be useful to have two config files

You'd have to run dual daemons in that case, one
for LAN and one for WAN ... I don't see that
happening.

> Thank you for your support!



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to