Re: site-to-site VPN with credential prompts?

To: debian-user@lists.debian.org
Subject: Re: site-to-site VPN with credential prompts?
From: Nicolas George <george@nsup.org>
Date: Tue, 25 Mar 2025 17:12:24 +0100
Message-id: <[🔎] Z-LV6BAgLyLnXQva@phare.normalesup.org>
Reply-to: debian-user@lists.debian.org
In-reply-to: <[🔎] fa07848b356064f4bcdc46af5a378c91600e0923.camel@janc.be>
References: <[🔎] CAH8yC8kg=yNE7Avp6++wEr3Nfcnpp5zWMmjRjhaGRHmx0ubMoQ@mail.gmail.com> <[🔎] c4e72e8d-5d09-423d-b907-52c7e1cf1f31@gmail.com> <[🔎] eb891680-242e-42bf-80b9-f2c8af617e43@gmail.com> <[🔎] fa07848b356064f4bcdc46af5a378c91600e0923.camel@janc.be>

Jan Claeys (HE12025-03-25):
> > I should mention that having an internet facing ssh service is
> > usually a very bad idea. The 'better' approach is to have only a VPN
> > exposed and use heavy security on that. Once the VPN link is
> > established you can ssh through the VPN to internal systems.
> Why do you think SSH is less secure than any other VPN ? 

Why do you think Jan says ssh is less secure than a VPN when Jan is
saying that ssh is less secure than VPN+ssh?

I suggest to add port knocking to protect the VPN.

Regards,

-- 
  Nicolas George

Reply to:

Follow-Ups:
- Re: site-to-site VPN with credential prompts?
  - From: Jan Claeys <lists@janc.be>

References:
- site-to-site VPN with credential prompts?
  - From: Jeffrey Walton <noloader@gmail.com>
- Re: site-to-site VPN with credential prompts?
  - From: jeremy ardley <jeremy.ardley@gmail.com>
- Re: site-to-site VPN with credential prompts?
  - From: jeremy ardley <jeremy.ardley@gmail.com>
- Re: site-to-site VPN with credential prompts?
  - From: Jan Claeys <lists@janc.be>

Prev by Date: Re: site-to-site VPN with credential prompts?
Next by Date: Re: selecting text with mouse
Previous by thread: Re: site-to-site VPN with credential prompts?
Next by thread: Re: site-to-site VPN with credential prompts?
Index(es):
- Date
- Thread