Re: difference between SSL, SSH and VPN

From: Eric Hanchrow (offby1_at_blarg.net)
Date: 05/19/03

    Date: 19 May 2003 13:32:27 -0700
    
    

    >>>>> "Joss" == Joss <joss@pleasereplytogroup.com> writes:

        Joss> so, why would you use SSH over VPN, or vice versa?

    Warning: pure uninformed speculation follows.

    VPN over SSH, if it were possible (which I don't know) would seem to
    be quite useful since VPN is transparent. Thus I could start up some
    vpn-over-ssh application, which would run in the background, and my
    computer would suddenly appear to have a second network adapter; and
    traffic over that adapter would be automatically encrypted. So any
    program that uses the network -- even if it doesn't use TCP -- would
    get encryption for free when it communicates over that adapter.

    This is in contrast to using SSH alone, in which case I can only use
    programs that communicate via TCP, and even then I must tell SSH to
    forward ports, which may not be possible if I'm not root; and I might
    have to tell the program to use some port other than the one it
    expects to use, which might not be possible.

    SSH over VPN doesn't sound *inherently* useful, but I could imagine
    using it anyway, like this:

    1) I use a standard VPN system to connect to my work network from
       home. I use VPN because that's the only remote access method which
       my employer has provided.

    2) Now I want to interact with machine `foo' on my work network. As
       it happens, the only way to interact with that machine is via SSH,
       just because that's how that machine's administrator has configured
       it. So I have to run an SSH client to talk to that machine. My
       interaction with that machine is thus getting encrypted twice --
       once by SSH, once again by VPN. This feels like a waste of CPU
       cycles, but I don't know of any way around it.

    -- 
    This movie doesn't scrape the bottom of the barrel.  This movie isn't
    the bottom of the barrel.  This movie isn't below the bottom of the
    barrel.  This movie doesn't deserve to be mentioned in the same
    sentence with barrels.
            Roger Ebert on "Freddy Got Fingered"
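
Added example, not part of the original post: a plain TCP relay in Python that mimics only the local listening side of an SSH port forward, with no SSH and no encryption. It shows the constraints the message lists: TCP only, one explicit forward per port, unprivileged ports for a non-root user, and a client that must be pointed at the substitute port. All function names and the uppercasing stand-in service are constructed for the illustration.

```python
import contextlib
import socket
import threading

def _pump(src, dst):
    """Copy bytes one way until src closes, then pass the EOF on to dst."""
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def _listener(port):
    # SOCK_STREAM: a forward like this carries TCP only, never UDP or ICMP.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Binding below 1024 normally fails with PermissionError unless root.
    srv.bind(("127.0.0.1", port))
    srv.listen()
    return srv

def _serve(srv, handler):
    def loop():  # accept forever, handing each connection to handler
        while True:
            conn, _ = srv.accept()
            handler(conn)
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def start_forwarder(target_host, target_port, listen_port=0):
    """Relay each local connection to the target; returns the port bound (0 = OS picks)."""
    def relay(client):
        upstream = socket.create_connection((target_host, target_port))
        for a, b in ((client, upstream), (upstream, client)):
            threading.Thread(target=_pump, args=(a, b), daemon=True).start()
    return _serve(_listener(listen_port), relay)

def start_upper_service():
    """Constructed stand-in for the remote service: replies with uppercased input."""
    def handle(conn):
        with conn:
            conn.sendall(conn.recv(4096).upper())
    return _serve(_listener(0), handle)

def demo():
    service_port = start_upper_service()
    local_port = start_forwarder("127.0.0.1", service_port)
    # The client has to be told to use local_port, not the service's own port.
    with socket.create_connection(("127.0.0.1", local_port), timeout=5) as c:
        c.sendall(b"hello")
        return service_port, local_port, c.recv(4096)
```

A VPN adapter needs none of this per-port wiring, which is the transparency the message describes.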
    
