[NCLUG] ssh question

Bob Proulx bob at proulx.com
Thu Oct 9 00:34:13 MDT 2008


Scott Scriven wrote:
> Sean Reifschneider wrote:
> > Why don't you just set up OpenVPN and use the gateway settings so that all
> > your traffic gets routed over the VPN tunnel?
> 
> I was just about to suggest exactly the same thing.  It would be 
> a lot simpler and more robust than mucking about with ssh tunnels 
> and proxies.

Although I am in total agreement that, for the road warrior who
interacts with the internet while mobile, setting up a VPN is
definitely a superior general solution, I think there are two other
issues that are important here.

For one, ssh tunnels don't show up on a list of system interfaces and
don't show up in routing tables.  This might be more of a
steganography issue.  The nail that sticks up gets hit.  Setting up a
full VPN with network routing and everything would almost certainly
raise some red flags if this is a corporate desktop.

For another, in that same case, setting up a fully routed VPN while
still maintaining access to the local network is a more complicated
situation.  You would need to make sure the routing is correct for two
sets of networks.  Doing this incorrectly can compromise the security
of the local network.  This isn't usually an issue for setting up a
VPN for the typical warrior on the road, but I assume this would be
needed here to maintain access to the local network.  And it would
certainly raise red flags if in a corporate environment.

But at the same time using simple ssh for remote access is almost
certainly approved and therefore less worry.  For those reasons using
the more lightweight ssh for remote access is sometimes the better
choice.  I don't want to sound disapproving of VPNs though.  I am
not.  I think VPNs are good tools too.

Bob


