| 1 |
On Tue, 2008-02-12 at 19:30 +0200, Alan McKinnon wrote: |
| 2 |
> On Tuesday 12 February 2008, Etaoin Shrdlu wrote: |
| 3 |
> > On Tuesday 12 February 2008, Alan McKinnon wrote: |
| 4 |
> > > Your statement "it seems like running SSH inside a VPN is better |
| 5 |
> > > for security than running SSH on a non-standard port" is |
| 6 |
> > > non-sensical. From a security and encryption perspective, ssh and |
| 7 |
> > > OpenVPN are exactly the same thing - stuff wrapped in an encryption |
| 8 |
> > > layer provided by ssl, complete with exactly the same key setup |
| 9 |
> > > should you choose to use that route. |
| 10 |
> > |
| 11 |
> > Perhaps confusingly, ssh itself can be used to create openVPN-like |
| 12 |
> > VPNs (actually, much simpler), using the -w option and a couple of |
| 13 |
> > tun (or tap) interfaces on the connected computers. |
| 14 |
> |
| 15 |
> hehehe, I'd forgetten about that one for a bit :-) |
| 16 |
> |
| 17 |
> I just thought of a nice way to describe the difference (seeing as |
| 18 |
> technically they are essentially equivalent): |
| 19 |
> |
| 20 |
> Use SSH if you need a quick ad-hoc connection or something temporary. |
| 21 |
> Use OpenVPN if you need something more permanent that is always prsent |
| 22 |
> and just works. |
| 23 |
> |
| 24 |
> -- |
| 25 |
> Alan McKinnon |
| 26 |
> alan dot mckinnon at gmail dot com |
| 27 |
> |
| 28 |
|
| 29 |
Another alternative not mentioned so far - zebedee. Its a port based |
| 30 |
tunnel - that is instead of creating a new network with all its fuss and |
| 31 |
bother, just create a local port (may be on another local machine) that |
| 32 |
"surfaces" on a distant machine/network. I used it for many years for |
| 33 |
email and protecting telnet servers before openvpn became of age and my |
| 34 |
needs expanded. Recommended. Again, ssh can do this as well, but |
| 35 |
zebedee is a lot more flexible/convenient. Create tunnels for ports 25, |
| 36 |
143 and 631 and you have email and cups. e.g., I map port 2225 to port |
| 37 |
25 and set my local mail client to send email to localhost:2225 and it |
| 38 |
magicly connects to my mail server at home. |
| 39 |
|
| 40 |
It can also be done at a user level - you dont need admin privileges so |
| 41 |
if you have user level access to a machine, you can run a tunnel on it |
| 42 |
unlike openvpn. It is also cross platform which is nice :) |
| 43 |
|
| 44 |
>From the mailing list, it seems there are quite a few enterprise users |
| 45 |
as its got a good reputation in its niche. |
| 46 |
|
| 47 |
BillK |
| 48 |
|
| 49 |
|
| 50 |
-- |
| 51 |
gentoo-user@l.g.o mailing list |
Archives