On 2008-12-14, david@xxxxxxx <david@xxxxxxx> wrote:
> On Sun, 14 Dec 2008, martin wrote:
>> Why do you trust VPN more than the SSH?
> in part it's that a VPN is a single point of control for all remote
> access.
>
> If you use ssh you end up exposing all the individual machines

Need not be true. None of my internal servers are even accessible from the outside world; they're all in RFC1918 space and there's only one gateway. This *is* my single point of control.

I can set up different port numbers to forward to different internal servers (ssh, http, whatever I wish); that may sound like a form of "exposing" but in reality it's a lot *more* restrictive than setting up a VPN and granting access to it.

I actually don't like VPNs; they imply that you're "inside" the network in some way, and I hate blurring that distinction. If I'm outside, I want to be acutely aware of it, and the fact that I can't even ping one of the inside hosts or see what's on it, or do anything other than what is specifically allowed by the gateway, is one way of ensuring this.