> Yeaaah you're trying poke holes.

No, I am trying to remind you of the topic which was under discussion. To wit:

  The Reluctant Sysadmin's Guide to Securing a Linux Server

> Are you stating your system is infallible?

  A straw man fallacy (sometimes written as strawman) is the
  informal fallacy of refuting an argument different from
  the one actually under discussion, while not recognizing or
  acknowledging the distinction.[0]

> Tooling takes a team to support it.

See above quote.

> You think ...

You do not know what I think nor my experiences, so please do not be so arrogant as to assume so.

>> And what wheel did I "reinvent"?

> Implementing old security practices.

Again, please refer to the *article under discussion*. In the event it remains unclear, I will restate its title:

  The Reluctant Sysadmin's Guide to Securing a Linux Server

> Why wouldn't you move to be better practices and prevent larger holes in your network?

See previous strawman definition and link below.

> Often companies get into this repetitious cycle of reimplementation or reinvention of existing tools and technology just to manage access especially ssh. The convention of using a cloud platform is to use a cloud platform's security access not some sketched up VPN and SSH system.

Again, see previous strawman definition above and link below. Note that the only ssh-related recommendation I proffered was:

  Unless you are saying "don't expose port 22 to
  the world...", which is a common (small) part of
  security-in-depth.

This is a well-known, albeit very small and insufficient by itself, part of helping to reduce attack vectors.

As to "sketched up VPN and SSH system", I have no idea as to what you are referencing. Perhaps this is a recollection of a previous engagement wherein decisions made remind you of a bad situation similar to, but different than, this?

HTH

0 - https://en.wikipedia.org/wiki/Straw_man

EDIT: corrected spelling from "waas" to "was"

You would not believe how many companies are dependent on patching through users through VPNs in order to access remote hosts. I mean some have to because of no other solutions like managing their own on-prem. I kind of would be interested in AWS access management capable of being implemented within an on-prem.