[ previous ] [ next ] [ threads ]
 
 From:  "Gorm J. Siiger" <gjs at sonnit dot dk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] ssh console?
 Date:  Thu, 1 Jul 2004 09:34:08 +0200
> 
> I once made a cash donation to the project, and then followed up by asking
> for ssh. Manuel asked me what I thought I would do with ssh access, since
> there was no shell, no text editor, etc. My only answer was "uh...dick
> around, like on my FreeBSD system". After a couple more e-mails, I conceded
> that having ssh access in m0n0wall did not make sense, and withdrew the
> request.
>        ----
> 

I'm working daily with enterprise firewall's (not the small kind) - and if I
didn't have shell access to the boxes support would take 3-10 times longer
and be alot more complex.

tcpdump is your most important tool in debugging and problem solving, sure
you can put up three or four local sniffers, do port mirroring and other
stuff but it takes time and cost money.

So I see two ways of solving this problem:

1. Make shell access via SSH and give access to tcpdump, ping, tracroute,
arp etc. 

2. I know there is a client/server tcpdump util, and with the client you can
dump remotely on the box from you pc.

I'm using m0n0wall for some things, and it's a great piece of software. But
with shell access - it would definately be better.

-- 
Gorm J. Siiger - SonnIT