Re: FC6 VPN

Jim Douglas wrote:
> Can I use OpenSSH with the above software?  I just finished setup and
> configuration of OpenSSH when I saw this post on VPN.
>
>   I only need to access one remote Linux box at a time.

Mike McGrath wrote: 
> Sure it could though OpenSSH is considered "secure" by most.  You
> could add OpenVPN as an extra level of security, though I've never
> done that.

jack wallen asked: 
> i have to ask - how does one use ssh as a vpn?

Well, normally, you don't -- the debate was about using SSH over a VPN.
As Mike says, it works, it provides an extra layer of "defence in depth"
security (it doesn't matter if there happens to be a security breach in
the VPN if an attacker can't decode the SSH, and there's nothing
vulnerable at either end of the VPN), and it makes it slightly less
obvious that you're using SSH.

But it is possible to use SSH either as a "poor man's" VPN, or as a
"sort-of" VPN. I've never done a full VPN over SSH, but I'd start by
reading http://tldp.org/HOWTO/ppp-ssh/index.html. The advantage of an SSH
VPN is that SSH tends to be a lot less picky about the sort of network
connections it gets than many VPNs, and SSH itself is easier to set up.
Disadvantages include that SSH is supposed to be a poor transport for IP
packets, and that if the SSH connection drops, so do all communications.

You might get on better with port-forwarding. This can be as simple as:

    ssh -L 5900:192.168.1.55:5901 vncuser@xxxxxxxxxxxxxxxxxxxxxx

This connects you to a computer called jimdouglas.example.com, logs you
in as vncuser (through a password or private key), and creates a tunnel
between port 5900 on your machine and port 5901 on 192.168.1.55 on the
same local network as jimdouglas.example.com (it might or might not be
the same computer as jimdouglas.example.com). That then allows you to
connect a VNC viewer to port 5900 on your own machine, and log into
192.168.1.55.

It works very well for simple one-port protocols like VNC. It can be
more of a challenge to get it to work with SMB or NFS (usually I don't
bother and just sftp what I need).

The advantage of this is that it's easy to set up SSH and be sure it's
going to work, and then it's practical to set up tunnels as needed
remotely.

Hope this helps,

James.

-- 
E-mail:     james@ | top! to bottom from or backwards read not do I, post top
aprilcottage.co.uk | not do Please
                   |     -- Jeff Vian
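
Added example (not part of the original message): a shell helper that builds the VNC port-forward command described above with the listener pinned to loopback and the tunnel failing closed. The function names `valid_port`, `valid_name` and `build_tunnel_cmd` are hypothetical; the ssh options are standard OpenSSH client options, and the keep-alive values are assumptions.

```shell
#!/bin/sh
# Added example: build the ssh command for the VNC forward described above.
# valid_port, valid_name and build_tunnel_cmd are hypothetical helper names.

valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-digit, or more than 5 digits
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_name() {
    case "$1" in
        # Reject empty values, a leading '-' (ssh would parse it as an option)
        # and any character outside a conservative host/login alphabet.
        ''|-*|*[!A-Za-z0-9.@_-]*) return 1 ;;
    esac
    return 0
}

# build_tunnel_cmd LOCAL_PORT TARGET_HOST TARGET_PORT LOGIN
# Prints the command line; exits non-zero (in its subshell) on bad input.
build_tunnel_cmd() (
    lport=$1; thost=$2; tport=$3; login=$4
    valid_port "$lport" || { echo "bad local port" >&2; exit 1; }
    valid_port "$tport" || { echo "bad target port" >&2; exit 1; }
    valid_name "$thost" || { echo "bad target host" >&2; exit 1; }
    valid_name "$login" || { echo "bad login" >&2; exit 1; }

    # -N                      tunnel only, no remote shell
    # ExitOnForwardFailure    ssh exits if the local port cannot be bound,
    #                         instead of leaving a session with no tunnel
    # ServerAlive*            notice a dead connection within about 90 s
    opts="-N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3"

    # An explicit 127.0.0.1 bind address keeps the forwarded port off the
    # network even if GatewayPorts is enabled in the client configuration.
    # The hop from the SSH server to TARGET_HOST is not encrypted by ssh.
    printf 'ssh %s -L 127.0.0.1:%s:%s:%s %s\n' \
        "$opts" "$lport" "$thost" "$tport" "$login"
)

# The forward from the message, using the host name given in its explanation.
build_tunnel_cmd 5900 192.168.1.55 5901 vncuser@jimdouglas.example.com
```

The printed command can be reviewed before it is run; a VNC viewer then connects to port 5900 on the local machine as in the message.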

