SSH through VPN - sh.itjust.works

Hello I am wondering if there is increased network/packet security by connecting to a server over ssh through a VPN hosted by that same server as opposed to without first tunneling by VPN. I imagine with or without tunneling through a VPN there would be latency/speed differences too?

Yes.

Using a VPN for all your traffic obscures your usage and hinders surveillance by your internet provider. If you ssh directly to your server, that's one extra bit of information (that you're ssh'ing into the server) your internet provider has about you. Whether this is significant or useful to the provider is questionable, but the short answer is "yes, it provides more security." That said, AI is probably being already used to do pattern analysis on traffic, and they might still be able to tell you're making an ssh connection, unless you're also constantly streaming through the VPN, too.

I'm going to get heat for this, but running a bitcoin wallet on your home computer - whether or not you actually have any coins or are mining - is a great way to generate a variable amount of constant traffic to an endpoint. Hosting a public IPFS, web site, torrent seeds, or Freenet node are also good ways, although some of those require opening ports to inbound connections and could invite attacks.

and hinders surveillance by your internet provider

Yes, but it also shifts all that surveillance capability directly to your vpn provider, of whom many are thought/known to be compromised or otherwise mishandle your data.

Also, SSH does have some obscure design "issues" that might be applicable depending on your threat model, for example one can check if a user has a certain key on the remote end, if you care about that. There's probably more.

It's true there's a trust shift; you have to trust someone, even if you're self-hosting your endpoint (unless you also own the hardware the endpoint is running on). The difference is that I can vet my VPN provider, look at third party reviews, and some even get audits… whereas it's been proven that Comcast and Verizon are inserting trackers into your packet data and selling the results.

Can you elaborate a little on why you think a VPN provider is better equipped to analyze or hand over data? On what basis?