The merits of OpenVPN vs (or with??) ssh aside, ssh is installed by default on most *nix systems & well established; there is another layer of work and config involved with VPN (generating & distributing certs etc).

I have used both but can very quickly set up ssh access; VPN is more laborious (is that just me?).

My 2 cents.

Tricia

On Thu, Nov 26, 2009 at 10:47 AM, Jeremy <[email protected]> wrote:
> Stephane Bakhos wrote:
>>>> It's exciting to see so many people interested in using Linux more and
>>>> more. I am often asked about setting up a "small server" for web,
>>>>
>>> Nice write up Jimmy, one other thing I do is to set the SSH listening
>>> port to be something non-standard. It is really just obscuring the fact
>>> SSH is there, but it stops all those logged intrusion attempts, and if
>>> you put the port up high, the server looks completely closed to incoming
>>> traffic on many port scans.
>>>
>>
>> Why not use a VPN like openvpn / gvpe / pptp?
>> You can just have sshd listen only to connections on the vpn.
>>
>> And if you really need to have sshd on a public ip from time to time, you
>> can use port knocking.
> What would a VPN give me that SSH does not? I mean I can even do SOCKS
> proxying over SSH. It would hide SSH, but it would expose a port for VPN.
>
> I find obscuring the SSH port is pretty much the same as port knocking
> (but less bother, plus I can access it from devices able to SSH but not
> to port knock), very few will bother finding it, and if they do, they
> can't brute force it for passwords anyways.
>
> Anyways, maybe someone could explain the merits of double encrypting as
> Stephane suggests. I suppose it could have helped with the Debian ssh
> keygen debacle (but weren't VPN keys gen'd using same algo?).
>
> Jeremy
>
> PS: You can alias your ssh command to include the -p19092 (for example),
> same for SCP.
>
> _______________________________________________
> mlug mailing list
> [email protected]
> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca

--
"I am always doing what I cannot do yet in order to learn how to do it."
-Vincent Van Gogh
