On Fri, Jun 13, 2014 at 1:21 PM, Brian Wood <woodbrian77 at gmail.com> wrote:

> I've been thinking about IPsec recently after not
> making much progress with it previously. I'm
> wondering how it would work with my current
> configuration. Currently I run both nginx and
> my code generation service on the same machine.
> I also use ssh to log in remotely. If you have IPsec
> running on a server, do you still use ssh to log in to
> that machine?

Yes, you would still use ssh, because it's providing a slightly different kind of security, and because it's a standard.

IPSec can create a secure tunnel between two systems, which gives confidentiality to the systems regarding what services inside that tunnel are running. It's a good(?) solution for securing services that are not very security-aware. SSH is less general; an attacker will know exactly what service is running (though not any tunneled services). It still provides confidentiality, just at a different level. Also, IPSec authenticates systems to each other, whereas ssh authenticates a user to a service, so it's a different level of accounting.

Another, perhaps more important, reason to continue using ssh is it's a standard, and it's likely already there. I wouldn't bother setting up telnetd for an IPSec secured link since chances were I would need ssh anyway at some point.

The double encryption on a terminal session is not noticeable. I occasionally have double or triple ssh tunnels forwarding https traffic, and it's never caused me performance issues as long as I'm not trying to do bulk file transfers.

Jay