LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 02-22-2007, 09:45 PM   #1
Lexia
Member
 
Registered: Nov 2003
Location: SouthEastern USA
Distribution: Debian Sarge
Posts: 31

Rep: Reputation: 15
SSH -2 as secure as VPN?


Hi, all,

This question was last asked in 2003, so I figure it's okay to ask it again in 2007, especially WRT ssh -2.

Is SSH, especially SSH -2, as secure or more secure than a Cicso-supplied VPN connection?

My home computer runs Debian Sarge kernel 2.6. I can connect to my school's server via either SSH -2 or VPN. The school only has documentation about VPN, not SSH, for off-campus access in Windows, Linux and Mac. They have no liveware support for Linux at all, although the IT department and various schools are very heavy Linux users. Unless you're on staff in that particular department, there is zippo support, nada, none-at-all for Linux.

I was under the impression that VPN was the most secure access, so went for this off-campus. My trial-and-error setup let to something that's probably unnessarily convoluted: I'll start up and connect to the schools server over VPN, then login using ssh -2 over that connection. My old Linksys router couldn't handle VPN's MTU and couldn't be reset. My current (also old) Motorola Surfboard cable modem has problems with IPv6 over IPv4 tunneling.

I'd love to drop the VPN connection entirely for Linux and just use the SSH protocols (is that the right word?). None of the routers or modems I've used seem to have problems with SSH. Would this make my home computer less secure?

Any information, answers or best guesses greatly appreciated.

Lexia
 
Old 02-23-2007, 03:24 PM   #2
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
Either ssh or VPN can be more secure, it is a question of how things are configured. Both ssh and VPNs tend to use many of the same encryption techniques. What is the most secure is doing both, as you say you already are. That way, to the public internet, they would have to get through the VPN encryption on the outside, then the ssh encryption on the inside of that. It also protects you from malicious users within you campus network or connected on the VPN, because even though they can appear as LAN computers through the use of the VPN, your communications would still have the ssh encryption to the server you ssh into.

Much of this is out of your control. You don't set the VPN security, and unless you have root level access to the box you are using ssh to reach, you can't control what encryption the ssh daemon running on it uses. You seem pissed about the support thing. It is entirely possible that the machine you are using ssh to reach through the VPN is not accessible through ssh alone. It may be that this box requires you to reach it only through a LAN address (which requires VPN), or it may have ssh running on a non-standard port if you connect through the WAN. There are many things that factor into this, and we can only give guesses as to what may be happening.

Neither the VPN nor ssh has any impact on your home computer's security, unless the VPN forces all internet traffic through a tunnel onto the school network. You are just a client. Using ssh or VPN client software doesn't open service ports that are otherwise closed. There are worlds of difference between using ssh to connect to another computer, and running sshd. What you asked is roughly equivalent to saying, "is it more secure to look at google.com or yahoo.com?" A VPN that forces all internet bound traffic through a tunnel would make your machine more secure, but any time you aren't running the VPN client, you are only as secure as your connection allows you to be.

Without hard info about what encryption the VPN or ssh is using, we can't compare and contrast. Using both is likely to be the most secure.

Peace,
JimBass
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH -2 as secure as VPN? Lexia Linux - Networking 2 02-23-2007 08:41 PM
LXer: University of Michigan Selects SSH Tectia for Secure System Administration and Secure File Transfers LXer Syndicated Linux News 0 04-25-2006 12:54 AM
Which more secure, VPN or SSH server? Akonbobot Linux - Security 15 03-14-2006 09:04 PM
Secure remote desktop with Linux? VNC? SSH? VPN? sauce Linux - Security 3 12-16-2005 01:24 PM
Secure VPN XaViaR Suse/Novell 3 08-30-2005 03:52 PM


All times are GMT -5. The time now is 02:32 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration