vnc through ssh or VPN...?

Torbjørn Heltne torbjorn.heltne "at" amelektronikk.no
Mon Mar 15 10:20:01 2004


Rasjid Wilcox wrote:

> On Monday 15 March 2004 19:29, Torbjxrn Heltne wrote:
> 
>>We currently have a (somewhat bandwidth limited) VPN connection between
>>the main office and one home office. The home office user needs
>>occasional vnc capabilities as well.
>>
>>I assume that both ssh and VPN gives about the same level of security
>>(comments?) so my initial concern is "value for bandwidth".
>>
>>Which solution will give the better one - vnc through VPN, or using ssh?
> 
> 
> It probably depends on a little on what type of VPN connection you are talking 
> about.  Do you mean PPTP or IPSec when you say VPN?  They are quite 
> different.
> 
> Opinions on the relative security may vary.  I would say that PPTP is the 
> least secure, with SSH and IPSec both being more secure, and IPSec being 
> (perhaps) a little more secure than SSH.  But both SSH and IPSec can be 
> configured in various ways, so it you would have to really be quite specific 
> about what configuration of IPSec and SSH you mean to reasonably compare the 
> security of the two.  And of course make sure any passwords used are strong 
> passwords.
> 
> Anyway, in my experience I have found ssh with compression enabled to give the 
> best performance in terms of responsiveness. Good enough to type comfortably 
> in Word etc over an ADSL connection.  Since I run Linux at home, it is just a 
> matter of passing the -C paramater.  If your remote user is running Windows, 
> Putty also supports compression.  Just tick the appropriate option, or build 
> a script that has all the need .reg entries provided.

Thanks for the reply, this sounds great.

Even if we were pretty ignorant to begin with, it seems that we have 
made good decisions:

  - The VPN connection I mentioned is IPSec
  - "Status information" says that compression is enabled
  - Pretty strong passwords (at least, we think so!)

I guess we are ready to proceed!

:-)

-- 
Torbjxrn Heltne