Mathias Sundman wrote:
Yes, you're right, I was only asking about this from a crypto
standpoint. Me too prefer OpenVPN in most cases, but there are still
some cases where SSH is preferable.
The reason I asked was because I have a customer who is setting up a
disaster recovery solution for a Solaris server, and simply needed
shell access and a way to transfer files to the off-site backup
machine. One user and one server -- can't be much easier, so I
suggested to use SSH.
However for some reason they did not accept SSH for securing this, but
OpenVPN was okay. I clamed that SSH had the same level of security as
both OpenVPN and IPSec (given it is correctly configured of cource),
so I just wanted to make sure I was right about that...
I'm fine with setting up OpenVPN to, so it's no problem, the customer
gets what they what, I just find it a little overkill to use OpenVPN
in this scenario, which is exactly what SSH was designed todo, but
policies are policies! If I would have called it ssh-VPN instead of
just ssh it would probably have been aproved ;-) VPN are good, other
protocols can't be trusted!
In fact, as ssh can narrow down what one can do over this connection, I
would say ssh is more secure than a network connection which has to be
firewalled seperately. Given this scenario I would use ssh anytime, not
a VPN solution.
Openvpn-users mailing list