Devin Reade wrote:
> Another option that you might want to look at is putting up an OpenBSD
> gateway running authpf (see <http://www.openbsd.org/faq/pf/authpf.html>).
>
> The model there is an outside user has to open up an ssh shell
> to the authpf gateway before they are allowed to access services
> inside the network. If their gateway shell goes away, so does their
> access. If you require password / secure token / whatever auth
> on the gateway, then you do that once and then you can use ssh-key
> auth to get to your inside machines as much as you'd like.
>
> Authpf can be used to allow/restrict access to arbitrary network
> services; it's not limited to just ssh. The shell the user gets
> on the authpf gateway is not usable for anything else; it just
> sits there until the user logs out, so it can't be used to
> crack the gateway or internal machines.
>

That is not something to strive for. What about my WISP network? How would I protect multiple systems not at the single location and with multiple incoming paths? Adding another box is the worst of all options.

Ljubomir
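A minimal sketch of the authpf gateway model described in the quoted message, added here as an example and not taken from the thread or from either poster's configuration. The interface name, the table name and the 192.0.2.x addresses are constructed placeholders.

```pf
# --- /etc/pf.conf on the gateway (interface name is an assumption) ---
ext_if = "em0"

# Default: nothing arriving from outside is let through.
block in log on $ext_if all

# Anyone may reach sshd on the gateway itself in order to authenticate.
pass in on $ext_if proto tcp to ($ext_if) port ssh

# authpf loads per-user rules under this anchor while the user's ssh
# session is open and removes them when that session ends.
anchor "authpf/*"

# --- /etc/authpf/authpf.rules (loaded for each authenticated user) ---
# Macros from pf.conf are not visible here, so redefine what is needed.
ext_if = "em0"

# Constructed example hosts (documentation address range).
table <inside_hosts> const { 192.0.2.10, 192.0.2.11 }

# $user_ip is set by authpf to the address the ssh session came from,
# so only that source is allowed through, and only to these services.
pass in quick on $ext_if proto tcp from $user_ip to <inside_hosts> \
    port { ssh, https }
```

Accounts that authenticate this way get /usr/sbin/authpf as their login shell, and /etc/authpf/authpf.conf must exist (it may be empty) for authpf to run.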