[CentOS] ultrasecure sshd server

Devin Reade gdr at gno.org
Fri Jun 10 20:50:56 UTC 2011


--On Friday, June 10, 2011 08:55:47 PM +0200 Ljubomir Ljubojevic
<office at plnet.rs> wrote:

> Devin Reade wrote:
>> Another option that you might want to look at is putting up an OpenBSD
>> gateway running authpf (see <http://www.openbsd.org/faq/pf/authpf.html>).
[snip]
> That is not something to strive for.

Depends on the requirements.

> What about my WISP network? how 
> would I protect multiple systems not at the single location and with 
> multiple incoming paths? Adding another box it worst of all options.

The OP (to which I was responding) didn't say anything about such a
configuration.  I'm not suggesting that authpf solves all the world's
problems.  Would one gateway protect disjoint networks? No.  But on the
other hand, multihomed networks are just fine.

Having lots of tools in your toolbox lets you pick the best one for
the job.  If it's not the right tool, don't use it.  But that doesn't
reflect on the tool, just on it's applicability to the task at hand.

Devin




More information about the CentOS mailing list