[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: [Discuss] vnc
- From: richard.pieri at gmail.com (Richard Pieri)
- Date: Sun, 24 Aug 2014 13:09:15 -0400
- In-reply-to: <email@example.com>
- References: <53F9F6B9.firstname.lastname@example.org> <20140824161132.GE14848@randomstring.org> <email@example.com>
On 8/24/2014 12:22 PM, markw at mohawksoft.com wrote: > I would opt to use openvpn instead of an SSH tunnel. You have a better > control over security and "ease." Meh. Shell access is an on/off toggle. Changing how you flip this toggle doesn't offer better or worse security, nor does it make anything intrinsically easier or more difficult. One can just as easily manage access with PAM and LDAP groups. I think of it this way: If users need access to everything on an isolated network then a VPN usually is the better choice. Otherwise SSH is the better choice. Right tool for the job and all that. That said, I'd avoid using OpenVPN. I don't like X.509. I want X.509 to die in a fire. I want it to die painfully and permanently and never bother anyone ever again. For Linux to Linux I'd use Layer 3 tunneling over SSH using sshuttle to handle the heavy lifting. -- Rich P.