Another option that you might want to look at is putting up an OpenBSD gateway running authpf (see <http://www.openbsd.org/faq/pf/authpf.html>). The model there is an outside user has to open up an ssh shell to the authpf gateway before they are allowed to access services inside the network. If their gateway shell goes away, so does their access.

If you require password / secure token / whatever auth on the gateway, then you do that once and then you can use ssh-key auth to get to your inside machines as much as you'd like.

Authpf can be used to allow/restrict access to arbitrary network services; it's not limited to just ssh. The shell the user gets on the authpf gateway is not usable for anything else; it just sits there until the user logs out, so it can't be used to crack the gateway or internal machines.

Devin
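A minimal gateway configuration for the model described above, added here as an illustration and not part of the original post. The interface name, inside network and the second service port are assumptions; `$user_ip` and the `authpf/*` anchor are authpf's own.

```conf
# --- /etc/pf.conf on the gateway (constructed example) ---
ext_if = "em0"                      # assumption: outside-facing interface

set skip on lo
block all                           # default deny: nothing is forwarded until a user authenticates

# Outside users may only reach the gateway's own sshd.
pass in on $ext_if proto tcp to ($ext_if) port ssh

# authpf loads each logged-in user's rules under this anchor and
# removes them again when that user's ssh session ends.
anchor "authpf/*"

# --- /etc/authpf/authpf.rules (loaded per session) ---
# Macros from pf.conf are not visible here, so define what the rules need.
int_net = "192.168.10.0/24"         # assumption: inside network

# $user_ip is set by authpf to the address the user connected from.
# No direction given, so the rule covers the packet entering on the
# outside interface and leaving on the inside one.
pass quick proto tcp from $user_ip to $int_net port ssh
pass quick proto tcp from $user_ip to $int_net port 5432   # assumption: one non-ssh service

# --- other requirements ---
# /etc/authpf/authpf.conf must exist (it may be empty) or authpf refuses to run.
# Each gateway account has /usr/sbin/authpf as its login shell, so the
# session gives no command prompt on the gateway.
# /etc/sysctl.conf: net.inet.ip.forwarding=1 so the gateway routes the traffic.
```

After editing, `pfctl -nf /etc/pf.conf` parses the main ruleset without loading it, and `pfctl -a 'authpf/*' -sr` lists the per-user rules that are active while sessions are open.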