[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: site-to-site VPN with credential prompts?

On Tue, 2025-03-25 at 17:12 +0100, Nicolas George wrote:
> Jan Claeys (HE12025-03-25):
> > > I should mention that having an internet facing ssh service is
> > > usually a very bad idea. The 'better' approach is to have only a
> > > VPN exposed and use heavy security on that. Once the VPN link is
> > > established you can ssh through the VPN to internal systems.

> > Why do you think SSH is less secure than any other VPN ? 
> 
> Why do you think Jan says ssh is less secure than a VPN when Jan is
> saying that ssh is less secure than VPN+ssh?

Jeremy insinuated that, not me, by saying that having SSH listening
publicly is a bad idea, and that “a VPN” listening publicly is somehow
safer.

As OpenSSH can be used as a VPN (if you want), a statement like that
makes very little sense, unless SSH would be somehow less secure than
all the other VPN solutions.


-- 
Jan Claeys

(please don't CC me when replying to the list)
Reply to: