On Wed, Mar 20, 2024 at 02:01:44AM -0400, Jeffrey Walton wrote: > On Wed, Mar 20, 2024 at 1:32 AM <tomas@tuxteam.de> wrote: > > > > On Wed, Mar 20, 2024 at 04:22:29AM +0800, jeremy ardley wrote: > > > > > A 'safer' implementation will not even expose an ssh port. Instead there > > > will be a certificate based VPN where you first need a certificate to > > > connect and then you need a separate certificate to log in as root. A > > > further enhancement of security is to use 2-factor authentication - which is > > > supported in sshd via pam. > > > > How will a "VPN" with a "certificate" (whatever that means in this context) > > be more secure than a SSH (assuming key pair authentication, not password)? > > This may be more theoretical, but... IPSec uses > Encrypt-then-Authenticate (EtA), which is provably secure under random > models. In fact, I believe IPSec is IND-CCA2 secure (Ciphertext > Indistinguishability), which is a strong notion of security. SSH uses > Encrypt-and-Authenticate (E&A), which is provably insecure. The SSH > protocol leaks information because of the order of operations of > encryption and authentication. Of course it's not only theoretical. I took issue with the umbrella statement "VPN", which might be IPSec or some variant of TLS, to mention two ends of the scale. We might have lots of ground to cover until the issues you mention really matter, but at some point they will, for sure. Cheers -- t
Attachment:
signature.asc
Description: PGP signature