
ipsec tunnel more secure than ssh?

 
SOLVED
'chris'
Super Advisor

ipsec tunnel more secure than ssh?

Hi

I'd like to rsync some data between 2 linux machines over the Internet.
Is ipsec vpn tunnel more secure than ssh with a quite long and complicated password?
5 REPLIES
Michal Kapalka (mikap)
Honored Contributor
Solution

Re: ipsec tunnel more secure than ssh?

hi,

check this link :

http://www.schumi.ch/partner/SSHvsVPN.htm

- OK, to your solution: for rsync only between two servers somewhere on the internet you could use only ssh, but if these servers are inside the DMZ/intranet, then you could use VPN/IPSEC to create a connection between the corporate LAN and the internet-placed server, and then, if you have access, use rsync over SSH.

mikap
Florian Heigl (new acc)
Honored Contributor

Re: ipsec tunnel more secure than ssh?

If you wanna ramp up the security for the ssh connection, you could use the "command" and "from" settings in the file authorized_keys, which will allow the key-based access only from the "correct" server and will only allow him to run rsync.

A VPN will actually allow more access to the "authorized client" than a firewall restricted ssh will do, but opening up ssh just for rsync might be something to reconsider multiple times. If you don't have to, then don't make ssh available.

The actual transmission should be as secure with ssh as via a vpn, as they share most algorithms used for the encryption.
yesterday I stood at the edge. Today I'm one step ahead.
'chris'
Super Advisor

Re: ipsec tunnel more secure than ssh?

>the "command" and "from" settings in the file authorized_keys, which will allow the key-based access only from the "correct" server and will only allow him to run rsync.

Thx, but can u pls give some more details how this should work?
Steven E. Protter
Exalted Contributor

Re: ipsec tunnel more secure than ssh?

Shalom,

These are two totally different, yet compatible technologies.

You could connect via an IPSEC/VPN and then rsync.

This would provide two layers of protection.

There is some configuration work to do, but it can be done.

Frankly however, rsync -e ssh and password free ssh authentication is good enough for most purposes. Only the NSA or people having very powerful computers have a chance to crack the encryption and that would take days or weeks of effort.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Matti_Kurkela
Honored Contributor

Re: ipsec tunnel more secure than ssh?

>the "command" and "from" settings in the file authorized_keys

These are documented in the sshd man page, in the chapter titled "AUTHORIZED_KEYS FILE FORMAT". There's even an example authorized_keys file, demonstrating various settings.

MK
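
Added example (not from any poster in this thread): one way to apply the "command" and "from" options of authorized_keys discussed above, with a small wrapper script as the forced command. The client address 192.0.2.10, the script path /usr/local/bin/rsync-only.sh, the tree /srv/backup and the function name check_command are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: forced-command wrapper for an rsync-only SSH key.
# authorized_keys entry on the receiving server, all on ONE line
# (address, script path and key are constructed placeholders):
#
#   from="192.0.2.10",command="/usr/local/bin/rsync-only.sh",no-pty,
#   no-port-forwarding,no-agent-forwarding,no-X11-forwarding
#   ssh-ed25519 <public-key> backup@sender
#
# sshd ignores the command the client asked for, runs this script instead,
# and passes the client's request in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL          # make the A-Z ranges below byte ranges
ALLOWED_ROOT=/srv/backup         # assumption: only tree rsync may touch

# check_command CMD: succeed only for "rsync --server ... . PATH..." where
# every PATH lies under ALLOWED_ROOT and CMD holds no shell metacharacters.
check_command() {
    case $1 in
        *[!A-Za-z0-9\ ./_-]*) return 1 ;;   # outside the safe character set
        "rsync --server "*) ;;              # what the rsync client sends
        *) return 1 ;;
    esac
    paths=0 past_dot=0
    for w in $1; do                         # safe set has no glob characters
        if [ "$past_dot" -eq 0 ]; then      # options come before the lone "."
            if [ "$w" = . ]; then past_dot=1; fi
            continue
        fi
        case $w in
            *..*) return 1 ;;               # no climbing out of the root
            "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) paths=$((paths + 1)) ;;
            *) return 1 ;;
        esac
    done
    [ "$paths" -gt 0 ]
}

# No SSH_ORIGINAL_COMMAND means an interactive login attempt: the script
# simply ends, so the key never yields a shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if ! check_command "$SSH_ORIGINAL_COMMAND"; then
        echo "rsync-only: request rejected" >&2
        exit 1
    fi
    exec $SSH_ORIGINAL_COMMAND   # split into words; only safe characters remain
fi
```

rsync also ships its own restricted wrapper script, rrsync, for the same purpose.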