I personally would like to see an ssh console in m0n0wall - it was one
feature in SmoothWll that I really, really liked - it made passing
things through ssh really, really easy for remote administration at
client sites. And with m0n0wall supporting (some of) the Soekris
hardware encryption cards, if ssh could use these, it'd make it rather
schweet on Soekris and similar hardware.
I also completely agree that "because that would make it easier for
development" is a great reason NOT to include a particular feature. :)
And your "gcc" comment is one that I use all the time - if you want to
make it easy for hackers to develop their own code on your firewall, why
password it, and why not leave gcc on it?
ssh is a highly useful app/server. Even if it is not used to access the
m0n0wall itself, it can be used to securely (encrypted, with
username/password (or preferably certificates) authentication) pass
traffic through the firewall to an internal box (such as a Windows box,
on which a decent and affordable ssh server is not easy to find).
Hilton Travis Phone: +61 (0)7 3343 3889
(Brisbane, Australia) Phone: +61 (0)419 792 394
Manager, Quark IT http://www.quarkit.com.au
Quark AudioVisual http://www.quarkav.net
http://www.threatcode.com/ <-- its now time to shame poor coders
into writing code that is acceptable for use on today's networks
War doesn't determine who is right. War determines who is left.
> -----Original Message-----
> From: Michael A. Alderete [mailto:lists dash 2003 at alderete dot com]
> Sent: Monday, 5 July 2004 01:46
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] ssh console?
> >Shell access via ssh would also make development of new
> features a lot
> >easier for those of us that don't have a seokris and another
> bsd box to
> >be the image server.
> By that argument, leaving gcc on there would be a good idea, too. ;-)
> Seriously, the fact that it would make development easier is
> one of the big reasons why it's *not* included. m0n0wall
> wasn't created to be a firewall development environment; it
> was created to be a secure and simple (to use) firewall
> appliance: set up via web interface, and forget.
> It would not be hard to argue that it would be nice to have a
> specialized version of m0n0wall (m0n0dev) that was a good
> firewall development environment, ideal for hacking on tweaks
> for m0n0wall.
> But to put those things into m0n0wall itself, just to make
> m0n0 hacking easier, would be a significant change from
> Manuel's philosophy for the project.
> Michael A. Alderete <mailto:lists dash 2003 at alderete dot com>
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch