This question was last asked in 2003, so I figure it's okay to ask it again in 2007, especially WRT ssh -2.
Is SSH, especially SSH -2, as secure or more secure than a Cisco-supplied VPN connection?
My home computer runs Debian Sarge kernel 2.6. I can connect to my school's server via either SSH -2 or VPN. The school only has documentation about VPN, not SSH, for off-campus access in Windows, Linux and Mac. They have no liveware support for Linux at all, although the IT department and various schools are very heavy Linux users. Unless you're on staff in that particular department, there is zippo support, nada, none-at-all for Linux.
I was under the impression that VPN was the most secure access, so went for this off-campus. My trial-and-error setup led to something that's probably unnecessarily convoluted: I'll start up and connect to the school's server over VPN, then login using ssh -2 over that connection. My old Linksys router couldn't handle VPN's MTU and couldn't be reset. My current (also old) Motorola Surfboard cable modem has problems with IPv6 over IPv4 tunneling.
I'd love to drop the VPN connection entirely for Linux and just use the SSH protocols (is that the right word?). None of the routers or modems I've used seem to have problems with SSH. Would this make my home computer less secure?
Any information, answers or best guesses greatly appreciated.
Either ssh or VPN can be more secure; it is a question of how things are configured. Both ssh and VPNs tend to use many of the same encryption techniques. What is the most secure is doing both, as you say you already are. That way, to the public internet, they would have to get through the VPN encryption on the outside, then the ssh encryption on the inside of that. It also protects you from malicious users within your campus network or connected on the VPN, because even though they can appear as LAN computers through the use of the VPN, your communications would still have the ssh encryption to the server you ssh into.
Much of this is out of your control. You don't set the VPN security, and unless you have root level access to the box you are using ssh to reach, you can't control what encryption the ssh daemon running on it uses. You seem pissed about the support thing. It is entirely possible that the machine you are using ssh to reach through the VPN is not accessible through ssh alone. It may be that this box requires you to reach it only through a LAN address (which requires VPN), or it may have ssh running on a non-standard port if you connect through the WAN. There are many things that factor into this, and we can only give guesses as to what may be happening.
Neither the VPN nor ssh has any impact on your home computer's security, unless the VPN forces all internet traffic through a tunnel onto the school network. You are just a client. Using ssh or VPN client software doesn't open service ports that are otherwise closed. There are worlds of difference between using ssh to connect to another computer, and running sshd. What you asked is roughly equivalent to saying, "is it more secure to look at google.com or yahoo.com?" A VPN that forces all internet bound traffic through a tunnel would make your machine more secure, but any time you aren't running the VPN client, you are only as secure as your connection allows you to be.
Without hard info about what encryption the VPN or ssh is using, we can't compare and contrast. Using both is likely to be the most secure.
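An added example, not part of the original thread: the reply above notes that the comparison needs hard information about the encryption in use. For the SSH side, the client's own debug output records what was negotiated. The function names and the sample lines are constructed for illustration, and the parser assumes the `debug1: kex:` line layout of current OpenSSH clients.

```shell
#!/bin/sh
# Added example. Reads `ssh -v` debug output on stdin and reports what was negotiated.
# Assumes the "debug1: kex: ..." line layout printed by current OpenSSH clients.
negotiated_algs() {
    awk '
        /debug1: kex: algorithm:/          { kex = $NF }
        /debug1: kex: host key algorithm:/ { hostkey = $NF }
        /debug1: kex: client->server cipher:/ {
            for (i = 1; i < NF; i++) {
                if ($i == "cipher:") cipher = $(i + 1)
                if ($i == "MAC:")    mac    = $(i + 1)
            }
        }
        END { printf "kex=%s hostkey=%s cipher=%s mac=%s\n", kex, hostkey, cipher, mac }
    '
}

# Print each legacy algorithm found in a summary line; return 1 if any is present.
# The patterns are algorithms current OpenSSH no longer enables by default.
check_algs() {
    rc=0
    for field in $1; do
        case $field in
            kex=diffie-hellman-group1-sha1|hostkey=ssh-dss|cipher=*-cbc|cipher=arcfour*|mac=hmac-md5*)
                echo "legacy: $field"
                rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample of client debug output (not captured from a real server).
sample_debug() {
    cat <<'EOF'
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
EOF
}

summary=$(sample_debug | negotiated_algs)
echo "$summary"
check_algs "$summary" && echo "no legacy algorithms negotiated"
```

Against a real server, pipe the client's debug stream in instead of the sample, for example `ssh -v user@host exit 2>&1 | negotiated_algs`, where `user@host` is a placeholder.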