[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] TC wifi initializtion - concept



Same encryption algorithms on ssh and openvpn. Ssh through VPN is bloated and overkill for k12 needs. Can manage ssh keys with freeIPA on centos6 as ssh knows through Pam to check LDAP for user keys (slick!). Big issue is requiring password on ssh keys for users.

On Apr 8, 2014 2:10 PM, "Roger Nutbeam" <gnutbeam gmail com> wrote:
I know both will use ssh tunneling, but I find a VPN easier to manage on a larger scale than ssh clients, keys and tunnels. It also doesn't give me the warm fuzzies forwarding ssh through my firewall to internal machines.


On Tue, Apr 8, 2014 at 12:52 PM, Les Mikesell <lesmikesell gmail com> wrote:
On Tue, Apr 8, 2014 at 12:43 PM, Roger Nutbeam <gnutbeam gmail com> wrote:
> You'd definitely want to run your outside<-in connections over a VPN too. I
> use OpenVPN and it works well.

That's always a good idea - but both NX and x2go will use ssh for
their connection and tunnel everything through it anyway.   X2go will
also transparently fire up a pass-through connection using rdp to a
windows desktop if you need remote access and want the
encryption/compression/caching features.

--
   Les Mikesell
     lesmikesell gmail com

_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>


_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]