[CentOS] ultrasecure sshd server
Ljubomir Ljubojevic
office at plnet.rs
Fri Jun 10 18:55:47 UTC 2011
Devin Reade wrote:
> Another option that you might want to look at is putting up an OpenBSD
> gateway running authpf (see <http://www.openbsd.org/faq/pf/authpf.html>).
>
> The model there is an outside user has to open up an ssh shell
> to the authpf gateway before they are allowed to access services
> inside the network. If their gateway shell goes away, so does their
> access. If you require password / secure token / whatever auth
> on the gateway, then you do that once and then you can use ssh-key
> auth to get to your inside machines as much as you'd like.
>
> Authpf can be used to allow/restrict access to arbitrary network
> services; it's not limited to just ssh. The shell the user gets
> on the authpf gateway is not usable for anything else; it just
> sits there until the user logs out, so it can't be used to
> crack the gateway or internal machines.
>
That is not something to strive for. What about my WISP network? How
would I protect multiple systems not at a single location and with
multiple incoming paths? Adding another box is the worst of all options.
Ljubomir
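
The authpf gateway model described in the quoted message, sketched as configuration. This is an added example, not from either poster; the interface name, the inside network range and the `authpf` group name are assumptions.

```conf
# ---- /etc/pf.conf on the OpenBSD gateway (constructed example) ----
ext_if  = "em0"             # assumption: external interface
int_net = "192.0.2.0/24"    # assumption: inside network (documentation range)

set skip on lo
block in log all            # default deny for everything arriving at the gateway
pass out all

# Anyone may reach sshd on the gateway itself; authentication happens there.
pass in on $ext_if proto tcp to ($ext_if) port 22

# authpf loads per-session rules under this anchor when a user logs in
# and flushes them when that user's ssh session ends.
anchor "authpf/*"

# ---- /etc/authpf/authpf.rules (evaluated once per login) ----
# Macros from pf.conf are not visible here, so they are repeated.
# $user_ip is filled in by authpf with the address the session came from.
ext_if  = "em0"
int_net = "192.0.2.0/24"
pass in quick on $ext_if proto tcp from $user_ip to $int_net port 22

# ---- /etc/authpf/authpf.conf ----
# Must exist for authpf to run; it may be empty.

# ---- /etc/ssh/sshd_config on the gateway ----
# Drop dead sessions quickly so their rules are removed promptly.
ClientAliveInterval 15
ClientAliveCountMax 3

# Accounts whose login shell is /usr/sbin/authpf (assumed to be in group
# "authpf") get only the firewall session, with no forwarding through sshd.
Match Group authpf
    AllowTcpForwarding no
    X11Forwarding no
```

Because the gateway's own rules are default deny, the inside hosts are reachable only from an address that currently holds an authenticated session; checking `pfctl -a 'authpf/*' -sr` before and after a login shows the per-session rule appear and disappear.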