On Tue, 2008-02-12 at 19:30 +0200, Alan McKinnon wrote:
> On Tuesday 12 February 2008, Etaoin Shrdlu wrote:
> > On Tuesday 12 February 2008, Alan McKinnon wrote:
> > > Your statement "it seems like running SSH inside a VPN is better
> > > for security than running SSH on a non-standard port" is
> > > non-sensical. From a security and encryption perspective, ssh and
> > > OpenVPN are exactly the same thing - stuff wrapped in an encryption
> > > layer provided by ssl, complete with exactly the same key setup
> > > should you choose to use that route.
> >
> > Perhaps confusingly, ssh itself can be used to create openVPN-like
> > VPNs (actually, much simpler), using the -w option and a couple of
> > tun (or tap) interfaces on the connected computers.
>
> hehehe, I'd forgotten about that one for a bit :-)
>
> I just thought of a nice way to describe the difference (seeing as
> technically they are essentially equivalent):
>
> Use SSH if you need a quick ad-hoc connection or something temporary.
> Use OpenVPN if you need something more permanent that is always present
> and just works.
>
> --
> Alan McKinnon
> alan dot mckinnon at gmail dot com
>

Another alternative not mentioned so far - zebedee. It's a port-based
tunnel - that is, instead of creating a new network with all its fuss and
bother, just create a local port (may be on another local machine) that
"surfaces" on a distant machine/network. I used it for many years for
email and protecting telnet servers before openvpn came of age and my
needs expanded. Recommended. Again, ssh can do this as well, but
zebedee is a lot more flexible/convenient. Create tunnels for ports 25,
143 and 631 and you have email and cups. e.g., I map port 2225 to port
25 and set my local mail client to send email to localhost:2225 and it
magically connects to my mail server at home.

It can also be done at a user level - you don't need admin privileges, so
if you have user level access to a machine, you can run a tunnel on it,
unlike openvpn. It is also cross platform, which is nice :)

From the mailing list, it seems there are quite a few enterprise users
as it's got a good reputation in its niche.

BillK

--
gentoo-user@l.g.o mailing list
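The port-based tunnel BillK describes (local port 2225 "surfacing" as port 25 on the mail server at home) works the same way at the client end whether zebedee or `ssh -L` provides it: listen on a loopback port, and for every accepted connection open a connection towards the real service and pump bytes both ways. The following is an added example, not code from the thread or from zebedee/OpenSSH: a small Python relay that shows exactly those endpoint mechanics, plus a constructed stand-in for the home mail server so it runs offline. The relay itself encrypts nothing; the encrypted hop between the two tunnel daemons is what zebedee or ssh add on top. Host names, ports and the SMTP dialogue are constructed for the demo.

```python
"""Client-side mechanics of a port-based tunnel (illustration only).

This relay binds a loopback port and forwards each connection to a target
service, as `ssh -L 127.0.0.1:2225:localhost:25 user@home` or a zebedee
client would.  It carries plain TCP: the encryption between the two tunnel
endpoints is what the real tools provide, and is deliberately not modelled.
"""
import socket
import threading


def _pump(src, dst):
    """Copy bytes src -> dst until src hits EOF, then pass the EOF on to dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class LocalForward:
    """Listen on a loopback port and relay every connection to the target."""

    def __init__(self, local_port, target_host, target_port, bind_host="127.0.0.1"):
        # A tunnel endpoint bound to a wildcard address turns this machine into
        # an open relay into the far network, so refuse it outright.
        if bind_host in ("", "0.0.0.0", "::"):
            raise ValueError("tunnel endpoint must bind to a loopback address")
        self.target = (target_host, target_port)
        self._listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._listener.bind((bind_host, local_port))
        self._listener.listen(16)
        self.local_port = self._listener.getsockname()[1]  # real port if 0 was asked for
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                client, _ = self._listener.accept()
            except OSError:
                return  # listener closed
            threading.Thread(target=self._relay, args=(client,), daemon=True).start()

    def _relay(self, client):
        try:
            upstream = socket.create_connection(self.target, timeout=5)
        except OSError:
            client.close()  # target unreachable: drop the client, as ssh -L does
            return
        upstream.settimeout(None)
        to_upstream = threading.Thread(target=_pump, args=(client, upstream), daemon=True)
        to_upstream.start()
        _pump(upstream, client)
        to_upstream.join()
        client.close()
        upstream.close()

    def close(self):
        self._listener.close()


def fake_smtp_server():
    """Constructed stand-in for the mail server at home: greets, answers QUIT, hangs up."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(b"220 mail.home.example ESMTP\r\n")  # constructed greeting
            buf = b""
            while b"QUIT" not in buf:
                chunk = conn.recv(1024)
                if not chunk:
                    return
                buf += chunk
            conn.sendall(b"221 Bye\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def smtp_probe(port):
    """Do what the mail client does with localhost:<port>; return (greeting, farewell)."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        greeting = c.recv(1024)
        c.sendall(b"QUIT\r\n")
        farewell = b""
        while True:
            chunk = c.recv(1024)
            if not chunk:
                break
            farewell += chunk
    return greeting.decode().strip(), farewell.decode().strip()


if __name__ == "__main__":
    home_port = fake_smtp_server()
    fwd = LocalForward(2225, "127.0.0.1", home_port)  # the 2225 -> 25 mapping from the post
    print(smtp_probe(fwd.local_port))
    fwd.close()
```

The check a practitioner wants after starting any such tunnel is the same one `smtp_probe` performs: connect to the local port and confirm the banner is the far end's, not a local daemon's. Note the bind address: `ssh -L` defaults to loopback, but a `bind_address` of `*` or `0.0.0.0` (or `GatewayPorts yes` in the config) exposes the forwarded service to everything that can reach your machine, which is why the class rejects it.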