On Wed, 19 May 2004, Edward wrote:

> So, I was thinking about setting up dyndns or no-ip addresses for these
> servers, then opening up the firewall for either ssh or VPN. None of my
> customers have a static internet address.
>
> I've used ssh locally before, and that is really simple to set up, but
> because of the open hole I'll be creating my question is really: Should
> I be learning about setting up VPN tunnels into their systems instead?
>
> Anyone have any true experience using both and can shed some light on
> the security implications? Also, we're in Western Australia, with
> archaic PSTN networks (56K modem - so only 33K upstream), so any
> overheads incurred using one over the other I should also consider?
>

I'm just an ssh user - and I prefer it over vpn. It works pretty well
and is much less hassle.

Assuming OpenSSH and VPN solutions are equally bug-free - the weakest
link would be the endpoints (your machine or your client's box) - not
the connection (ssh/vpn).

With ssh - you can disable passwd auth and stick with key-auth. Now the
problem of securing the end point becomes securing the 'private ssh
key/(s)'.

And ssh can tunnel almost everything - including ssh - which is sometimes
useful.. (for eg: your customer could invoke an ssh connection to the
outside/your box - which opens up the ssh port to the server. Now you
can ssh to this forwarded port - to connect to the server :) )

Satish
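
An added example, not part of the original message: a small offline check that an `sshd_config` really leaves key-auth as the only way in, as the reply recommends. It assumes OpenSSH's documented rule that the first value read for a keyword wins, treats keyboard-interactive as a password path (a conservative assumption, since PAM can prompt for one), and runs on a constructed sample config.

```python
import re

# sshd defaults for the keywords that decide whether a typed password is accepted
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# older configs use this name for keyboard-interactive
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
LINE = re.compile(r"^\s*([A-Za-z]+)[\s=]+(.+?)\s*$")

def audit_sshd_config(text):
    """Return (key_only, effective_globals, findings) for sshd_config text."""
    effective, findings, match, key_only = {}, [], None, True
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw.split("#", 1)[0])        # drop comments
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        key = ALIASES.get(key, key)
        if key == "match":                          # conditional block starts
            match = None if value.lower() == "all" else value
        elif key == "include":                      # cannot be resolved offline
            findings.append(f"line {lineno}: Include {value} not audited")
        elif key in DEFAULTS and match is not None:
            if key != "pubkeyauthentication" and value.lower() == "yes":
                key_only = False
                findings.append(f"line {lineno}: {key} yes under Match {match}")
        elif key in DEFAULTS and key in effective:  # sshd keeps the first value
            findings.append(f"line {lineno}: later {key} {value} is ignored")
        elif key in DEFAULTS:
            effective[key] = value.lower()
    for key, default in DEFAULTS.items():           # unset keywords use defaults
        effective.setdefault(key, default)
    if (effective["passwordauthentication"] != "no"
            or effective["kbdinteractiveauthentication"] != "no"
            or effective["pubkeyauthentication"] != "yes"):
        key_only = False
    return key_only, effective, findings

# Constructed sample config (not from the original message)
SAMPLE = """\
# sshd_config for a remotely managed server
Port 22
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    print(audit_sshd_config(SAMPLE))
```

On a live host, `sshd -T` prints the effective settings after includes are resolved and is the authoritative cross-check.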