[lug] keeping up with attacks
Stephen Kraus
ub3ratl4sf00 at gmail.com
Sat May 4 10:51:49 MDT 2019
OpenSSH does not require having your cert ahead of time unless you did a
public key method.
OpenVPN does. Add in Google Multi-Factor, and its a highly secure method.
On Sat, May 4, 2019, 12:38 PM Rob Nagler <nagler at bivio.biz> wrote:
> On Sat, May 4, 2019 at 10:15 AM Stephen Kraus wrote:
> > Why is your SSH public facing anyways? OpenVPN is free, set it up and
> deny any SSH from external IPs. Best practice is to always use VPN or a
> Jump Box to access SSH.
>
> I will fail my network security certification for saying this: OpenSSH is
> more secure than OpenVPN.
>
> They both use the same software encryption software so that's a wash. The
> difference is that OpenSSH is older and much more widely installed.
> Therefore, I trust it more than OpenVPN.
>
> Bastion hosts (your jump boxes) encourage chewy centers.
>
> Rob
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20190504/a2d6297e/attachment.html>
More information about the LUG
mailing list