> What exactly does your budget mean? These are all free, open source
> operating systems. You may sell both OpenBSD and any installations and
> consulting. That could improve your income for your budget.

I am in the process of trying to find remote devops work; maybe it will improve my budget. Actually, I am not familiar with the current global market and my position in it, and I am not sure if I have enough time to get a secure working place before I will have to look for cheaper and less qualified job alternatives not so sensitive to my working place security.

> Open source means that most developers work for free and fun or to
> obtain something they in particular want. Convince some developers to
> work on your own desires, whether with OpenBSD or elsewhere.

I am just trying to get help at least with a simple question: is Orange PI ONE (Cortex A7 free of Spectre issue) + Nitrokey Pro 2 + OpenBSD enough for secure SSH server and client end points? Still nobody has said anything related to it. Or maybe someone knows whether there are any better alternatives?

>
>> I guess it is a huge work to harden Linux installation to a level compared
>> to OpenBSD, there is some interesting work which is by Whonix but
>> unfortunately with systemd, and it seems someone from that community is
>> referring to isopenbsdsecu.re site, so it looks to me like a OpenBSD vs
>> Whonix dispute, excuse me if I am wrong.
>
> Linus actively discourages security work. OpenBSD is thrilled to
> actively work on security. A major component that brings security
> benefits is simple auditing of code, not for security but for
> correctness.

> If you are seeking perfect security, YOU CAN'T HAVE IT!
> It is impossible. Not even agencies such as the NSA, etc have it.
> Remember Edward Snowden? All systems can be breached. Period.

Then how can I provide a good level of security for my remote client if everything can be broken? How much does it cost to break remotely into an SSH server running OpenBSD on Orange PI ONE with SSH private keys stored in Nitrokey Pro 2?
If I connect to it from my home from a similar dedicated console (say Cubietruck + Nitrokey Pro 2 + OpenBSD) without any other spare software on that board? It will be dedicated only to devops activity. On both sides of the channel there would be a firewall which allows connections only from specified IP addresses (me and the client). The local physical perimeter is secured at least against external threats; I cannot protect from teleportation :) But presumably it is not possible to reflash the Orange PI Boot ROM or Nitrokey Pro 2 anyway, and I can periodically verify the integrity of the OpenBSD installation on the SD card. Any other applications except SSH and ansible, like browsers, would be running from other computers or a cloud VM.

>
> My suggestion is to stop taking a confrontational attitude ( you may not
> even realize you are doing it) and try to take a congenial attitude. It
> will always produce more good results than confrontation.

Good point, I am just trying to. The OpenBSD chat and community are very nice, and it is very interesting to talk to such highly qualified persons. Thank you

