
Re: [K12OSN] TC wifi initialization - concept



Well you can turn passwords off using ssh and just use the keys to authenticate.

OpenSSH and OpenVPN use different ciphers. I don't think arcfour is even listed as a cipher option for OpenVPN. The protocols are different too, so you get different network behavior using them.

You could choose not to use ssh tunneling on your clients if you're using a VPN, so that gets rid of the "messy". No point in an encrypted tunnel in an encrypted tunnel. Unless of course one is clinically paranoid.

Of course using either ssh or a VPN is pretty secure as long as they're well implemented.

I still don't like encrypted tunnels through my firewall that I can't inspect.


On Tue, Apr 8, 2014 at 2:05 PM, Jim Kinney <jim kinney gmail com> wrote:

Same encryption algorithms on ssh and OpenVPN. Ssh through VPN is bloated and overkill for K12 needs. Can manage ssh keys with FreeIPA on CentOS 6 as ssh knows through PAM to check LDAP for user keys (slick!). Big issue is requiring password on ssh keys for users.

On Apr 8, 2014 2:10 PM, "Roger Nutbeam" <gnutbeam gmail com> wrote:
I know both will use ssh tunneling, but I find a VPN easier to manage on a larger scale than ssh clients, keys and tunnels. It also doesn't give me the warm fuzzies forwarding ssh through my firewall to internal machines.


On Tue, Apr 8, 2014 at 12:52 PM, Les Mikesell <lesmikesell gmail com> wrote:
On Tue, Apr 8, 2014 at 12:43 PM, Roger Nutbeam <gnutbeam gmail com> wrote:
> You'd definitely want to run your outside<-in connections over a VPN too. I
> use OpenVPN and it works well.

That's always a good idea - but both NX and x2go will use ssh for
their connection and tunnel everything through it anyway.   X2go will
also transparently fire up a pass-through connection using rdp to a
windows desktop if you need remote access and want the
encryption/compression/caching features.

--
   Les Mikesell
     lesmikesell gmail com

_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>

