[scalability] ssh vs vpn solution

Jose Muniz MuniX-1 at PACBELL.NET
Tue Jan 9 01:43:07 EST 2001


Troy Bixby wrote:
>
hello Troy,

For the solution that you need it will be better to use SSH than
a VPN.
Here is the reason why:
X-11 forwarding it is actually eassyer with SSH than without because you
do not have to set any display environment variables and such.
There is strong authentication and you could even use PAM, and enable
secure ID
if you have to.
It will work on Sun, Linux, and most Unixes out there as well as
Windozized
systems with an X-Server like Hummingbird Exeed and several others.
Also there is SSH for the MAC by F-Secure, however i have not seen an
IPSec
client software for the MAC.
Another point is that with SSH you do not have to worrie about systems
behind firewalls and routers that have an RFC1918 IP address therefore
you wont have to worrie about the NAT hassle.
For what you descrybed and anytime that you need to encrypt any TCP
traffic SSH will do wonders.

Jose Muniz/

> Hello,
>
> I have an X based application running on a Sparc Blade 1000 and I will ultimately
> need to let 30-40 people run this application on this system and export X remotely
> from the internet.  Initial test of this with a handful of people have been very
> successful and the use of ssh simplifys things as only tcp port 22 needs to be
> allowed through the firewall and provides security.
>
> I am concerned (and am requesting input) on how well Secure Shell will scale up
> and if I should start looking for some type of vpn solution now.  Understand,
> I only need to export X from one application and I am not providing a large
> suite of applications.
>
> My big concern with a vpn solution is most I have encountered are centered around
> legacy m$ code on the client end.  My end users have Solaris (both sparc and x86)
> , linux and also a couple of MacOS systems (with an X server loaded).
>
> Thanks for any positive inputs, I will post a summary.
>
> Troy
>
> VPN is sponsored by SecurityFocus.COM

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list