[K12OSN] TC wifi initialization - concept

Roger Nutbeam gnutbeam at gmail.com
Tue Apr 8 19:41:22 UTC 2014


Well you can turn passwords off using ssh and just use the keys to
authenticate.

OpenSSH and OpenVPN use different ciphers. I don't think arcfour is even
listed as a cipher option for OpenVPN. The protocols are different too, so
you get different network behavior using them.

You could choose not to use ssh tunneling on your clients if you're using a
VPN, so that gets rid of the "messy". No point in an encrypted tunnel in an
encrypted tunnel. Unless of course one is clinically paranoid.

Of course using either ssh or a VPN is pretty secure as long as they're
well implemented.

I still don't like encrypted tunnels through my firewall that I can't
inspect.


On Tue, Apr 8, 2014 at 2:05 PM, Jim Kinney <jim.kinney at gmail.com> wrote:

> Same encryption algorithms on ssh and openvpn. Ssh through VPN is bloated
> and overkill for k12 needs. Can manage ssh keys with freeIPA on centos6 as
> ssh knows through Pam to check LDAP for user keys (slick!). Big issue is
> requiring password on ssh keys for users.
> On Apr 8, 2014 2:10 PM, "Roger Nutbeam" <gnutbeam at gmail.com> wrote:
>
>> I know both will use ssh tunneling, but I find a VPN easier to manage on
>> a larger scale than ssh clients, keys and tunnels. It also doesn't give me
>> the warm fuzzies forwarding ssh through my firewall to internal machines.
>>
>>
>> On Tue, Apr 8, 2014 at 12:52 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
>>
>>> On Tue, Apr 8, 2014 at 12:43 PM, Roger Nutbeam <gnutbeam at gmail.com>
>>> wrote:
>>> > You'd definitely want to run your outside<-in connections over a VPN too. I
>>> > use OpenVPN and it works well.
>>>
>>> That's always a good idea - but both NX and x2go will use ssh for
>>> their connection and tunnel everything through it anyway. X2go will
>>> also transparently fire up a pass-through connection using rdp to a
>>> windows desktop if you need remote access and want the
>>> encryption/compression/caching features.
>>>
>>> --
>>>    Les Mikesell
>>>      lesmikesell at gmail.com
>>>
>>> _______________________________________________
>>> K12OSN mailing list
>>> K12OSN at redhat.com
>>> https://www.redhat.com/mailman/listinfo/k12osn
>>> For more info see <http://www.k12os.org>
>>>