Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
This question was last asked in 2003, so I figure it's okay to ask it again in 2007, especially WRT ssh -2.
Is SSH, especially SSH -2, as secure or more secure than a Cicso-supplied VPN connection?
My home computer runs Debian Sarge kernel 2.6. I can connect to my school's server via either SSH -2 or VPN. The school only has documentation about VPN, not SSH, for off-campus access in Windows, Linux and Mac. They have no liveware support for Linux at all, although the IT department and various schools are very heavy Linux users. Unless you're on staff in that particular department, there is zippo support, nada, none-at-all for Linux.
I was under the impression that VPN was the most secure access, so went for this off-campus. My trial-and-error setup let to something that's probably unnessarily convoluted: I'll start up and connect to the schools server over VPN, then login using ssh -2 over that connection. My old Linksys router couldn't handle VPN's MTU and couldn't be reset. My current (also old) Motorola Surfboard cable modem has problems with IPv6 over IPv4 tunneling.
I'd love to drop the VPN connection entirely for Linux and just use the SSH protocols (is that the right word?). None of the routers or modems I've used seem to have problems with SSH. Would this make my home computer less secure?
Any information, answers or best guesses greatly appreciated.
Either ssh or VPN can be more secure, it is a question of how things are configured. Both ssh and VPNs tend to use many of the same encryption techniques. What is the most secure is doing both, as you say you already are. That way, to the public internet, they would have to get through the VPN encryption on the outside, then the ssh encryption on the inside of that. It also protects you from malicious users within you campus network or connected on the VPN, because even though they can appear as LAN computers through the use of the VPN, your communications would still have the ssh encryption to the server you ssh into.
Much of this is out of your control. You don't set the VPN security, and unless you have root level access to the box you are using ssh to reach, you can't control what encryption the ssh daemon running on it uses. You seem pissed about the support thing. It is entirely possible that the machine you are using ssh to reach through the VPN is not accessible through ssh alone. It may be that this box requires you to reach it only through a LAN address (which requires VPN), or it may have ssh running on a non-standard port if you connect through the WAN. There are many things that factor into this, and we can only give guesses as to what may be happening.
Neither the VPN nor ssh has any impact on your home computer's security, unless the VPN forces all internet traffic through a tunnel onto the school network. You are just a client. Using ssh or VPN client software doesn't open service ports that are otherwise closed. There are worlds of difference between using ssh to connect to another computer, and running sshd. What you asked is roughly equivalent to saying, "is it more secure to look at google.com or yahoo.com?" A VPN that forces all internet bound traffic through a tunnel would make your machine more secure, but any time you aren't running the VPN client, you are only as secure as your connection allows you to be.
Without hard info about what encryption the VPN or ssh is using, we can't compare and contrast. Using both is likely to be the most secure.