Thank you Tomas.
On 09/09/2011, Tomas Bodzar <[email protected]> wrote:
> http://www.openbsd.org/faq/pf/authpf.html
At first glance that looks really cool (well it still looks cool) but
I'm not sure it's what I'm after.
As far as I can tell the authentication is secure and ties a ruleset
to an IP but from then on the usual suspects apply (eavesdropping,
spoofing).
I see this on the man page:
BUGS
     The authenticating ssh(1) connection may be secured, but if the
     network is not secured the user may expose insecure protocols to
     attackers on the same network, or enable other attackers on the
     network to pretend to be the user by spoofing their IP address.
I'll be doing everything here http, etcetera.
Am I reading this right?
I do see an authpf-noip section in the man page but it seems that as
far as encryption goes that is up to other mechanisms also. Is that
right?
> or you can slightly modify this one which is quite old, but not so
> much changed in fact
> http://www.openbsd-support.com/jp/en/htm/mgp/pacsec05/index.html
Cheers.
I read about halfway and it seems focussed on securing from Windows
clients onward. While I do have some Windows machines I'd rather
crunch my data from the OpenBSD machines.
Best wishes.