> > > I don't think you need a VPN to SSH from your laptop to the remote
> > > server -- SSH is already encrypted.
> >
> > For sure, but it seems like running SSH inside a VPN is better for
> > security than running SSH on a non-standard port or even port
> > knocking.  If I need to set up a VPN for printing, shouldn't I use it
> > for other stuff too?  Maybe not, I have yet to actually use a VPN so
> > please correct me if I'm wrong.
>
> The name tells you everything you need to know.
>
> vpn is Virtual Private *Network*. If you would normally have a dedicated
> line between this place and that place to form a network, but this is
> too expensive so you use the internet instead, then you use a vpn. Why?
> Because the internet is a public pathway and you don't want your stuff
> out in the open.
>
> If you want a client machine somewhere to connect to a server machine
> somewhere else, then this is normal internet connectivity and vpn is
> the wrong thing. If you want the client machine to be part of the same
> network the server is on so that lots of stuff works the way it does in
> the office itself, then vpn is the correct thing.
>
> Even if you just want to encrypt some clear-text protocol that doesn't
> have an encrypted equivalent, a vpn is still overkill. For that you use
> ssh tunneling (which is essentially the same thing as an encrypted
> version of a protocol). 'ssh -X' is the classic example of easily
> tunneling a protocol that doesn't have a native encrypted equivalent.

I see what you're saying.  Can tunneling through ssh be made automatic
so that a cron job initiates a script that opens a tunnel between the
remote server and local print server and pages are printed through the
tunnel?

> Your statement "it seems like running SSH inside a VPN is better for
> security than running SSH on a non-standard port" is non-sensical. From
> a security and encryption perspective, ssh and OpenVPN are exactly the
> same thing - stuff wrapped in an encryption layer provided by ssl,
> complete with exactly the same key setup should you choose to use that
> route.

What about having ssh, imap, smtp, cups, and possibly a non-standard
https port all hidden within a VPN?  Should that be considered a
benefit of running a VPN?

- Grant
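
The cron-driven tunnel asked about above could look like the following sketch. It is an added example, not part of this message or of any reply in the thread; the hostname, account, ports, key path and script path are all assumed placeholders. It runs on the print-server side and gives the remote server a loopback port that leads to the local CUPS port.

```sh
#!/bin/sh
# Added example: keep an SSH reverse tunnel to a local print server alive.
# Every host, port and path below is an assumed placeholder.
# Assumed crontab entry on the print-server side:
#   */5 * * * * /usr/local/bin/print-tunnel.sh run
REMOTE="${REMOTE:-tunnel@remote.example.org}"    # remote server account
PRINT_HOST="${PRINT_HOST:-127.0.0.1}"            # local CUPS server
PRINT_PORT="${PRINT_PORT:-631}"                  # IPP port CUPS listens on
REMOTE_PORT="${REMOTE_PORT:-6631}"               # loopback port opened on the remote server
KEY="${KEY:-$HOME/.ssh/print_tunnel_ed25519}"    # dedicated key without passphrase
SOCK="${SOCK:-$HOME/.ssh/print-tunnel.sock}"     # control socket for health checks
SSH="${SSH:-ssh}"                                # overridable for dry runs

# On the remote server, limit what this key may do (authorized_keys options):
#   restrict,port-forwarding,permitlisten="127.0.0.1:6631" ssh-ed25519 <public-key>
# The remote server then prints to ipp://127.0.0.1:6631/.

# Succeeds only if a live master connection answers on the control socket.
tunnel_is_up() {
    "$SSH" -S "$SOCK" -O check "$REMOTE" >/dev/null 2>&1
}

# Start the tunnel unless it is already running. Prints "up" or "started".
ensure_tunnel() {
    if tunnel_is_up; then
        echo up
        return 0
    fi
    rm -f "$SOCK"    # clear a stale socket left by a dead connection
    "$SSH" -f -N -M -S "$SOCK" -i "$KEY" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -R "127.0.0.1:${REMOTE_PORT}:${PRINT_HOST}:${PRINT_PORT}" \
        "$REMOTE" || return 1
    echo started
}

# Only act when invoked as "print-tunnel.sh run" (as cron does above).
if [ "${1:-}" = "run" ]; then
    ensure_tunnel
fi
```

Binding the forwarded port to 127.0.0.1 on the remote side keeps the print service off the public interface, and `ExitOnForwardFailure=yes` makes ssh exit instead of staying connected without the forward, so the next cron run can retry.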