← Back to Topics

SSH Security and Tunneling

The cluster focuses on debates about SSH's security for remote access and tunneling, comparisons to VPNs as alternatives, risks of exposing SSH to the internet, and its use in restricted networks like running on port 443 to mimic HTTPS.

📉 Falling 0.5x Security
2,746
Comments
20
Years Active
5
Top Authors
#4842
Topic ID

Activity Over Time

2007
3
2008
11
2009
26
2010
75
2011
84
2012
79
2013
156
2014
122
2015
190
2016
161
2017
193
2018
114
2019
185
2020
203
2021
170
2022
257
2023
229
2024
259
2025
178
2026
51

Top Contributors

tptacek (44) peterwwillis (18) e12e (16) cperciva (15) icebraining (12)

Keywords

CPU IMHO NFS SSH UNIX UDP NAT WPA HTTPS TLS ssh openssh vpn connection https tls tunnel tcp audit secure

Sample Comments

dec0dedab0de Nov 6, 2020 View on HN

That's not mentioned in the article, do you know if it is worse than just normal ssh?

kortilla Feb 21, 2020 View on HN

You forgot that SSH can be used to tunnel arbitrary TCP streams. FTP over ssh, http over ssh, etc.

taejo Aug 5, 2015 View on HN

Yes, but it's also ssh functioning in a way people don't know about.

verroq Aug 3, 2016 View on HN

I guess we can't use ssh for everything.

erikbye Feb 9, 2020 View on HN

SSH doesn't have to be exposed to the Internet, use VPN.

knorker Jul 1, 2020 View on HN

What makes you say it's not particularly suited for SSH?

m-p-3 Nov 2, 2021 View on HN

Basically why I stay with SSH, it's my poor man's VPN.

icebraining Jul 20, 2012 View on HN

How is a VPN more secure than SSH?

hurin Aug 22, 2015 View on HN

Why not just wrap all your SSH packets as HTTPS?

kavanutz Nov 23, 2014 View on HN

It's definitely not for everyone. Inbound/outbound SSH is usually blocked on corp networks. One of the reasons is you can tunnel/forward ports and expose the internal network. HTTPS takes that away. Plus you can't copy files off the server and the idea is you can audit what is being done. Depends on what the threat is in IMHO.