Jim Douglas wrote: > Can I use OpenSSH with the above software? I just finished setup and > configuration of OpenSSH when I saw this post on VPN. > > I only need to access one remote Linux box at a time. Mike McGrath wrote: > Sure it could though OpenSSH is considered "secure" by most. You > could add OpenVPN as an extra level of security, though I've never > done that. jack wallen asked: > i have to ask - how does one use ssh as a vpn? Well, normally, you don't -- the debate was about using SSH over a VPN. As Mike says, it works, it provides an extra layer of "defence in depth" security (it doesn't matter if there happens to be a security breach in the VPN if an attacker can't decode the SSH, and there's nothing vulnerable at either end of the VPN), and it makes it slightly less obvious that you're using SSH. But it is possible to use SSH either as a "poor man's" VPN, or as a "sort-of" VPN. I've never done a full VPN over SSH, but I'd start by reading http://tldp.org/HOWTO/ppp-ssh/index.html. The advantage of a SSH VPN is that SSH tends to be a lot less picky about the sort of network connections it gets than many VPNs, and SSH itself is easier to set up. Disadvantages include that SSH is supposed to be a poor transport for IP packets, and that if the SSH connection drops, so do all communications. You might get on better with port-forwarding. This can be as simple as ssh -L 5900:192.168.1.55:5901 vncuser@xxxxxxxxxxxxxxxxxxxxxx This connects you to a computer called jimdouglas.example.com, logs you in as vncuser (through a password or private key), and creates a tunnel between port 5900 on your machine and port 5901 on 192.168.1.55 on the same local network as jimdouglas.example.com (it might or might not be the same computer as jimdouglas.example.com). That then allows you to connect a VNC viewer to port 5900 on your own machine, and log into 192.168.1.55. It works very well for simple one-port protocols like VNC. It can be more of a challenge to get it to work with SMB or NFS (usually I don't bother and just sftp what I need). The advantage of this is that it's easy to set up SSH and be sure it's going to work, and then it's practical to set up tunnels as needed remotely. Hope this helps, James. -- E-mail: james@ | top! to bottom from or backwards read not do I, post top aprilcottage.co.uk | not do Please | -- Jeff Vian
