this post was submitted on 18 May 2024
19 points (100.0% liked)

linux4noobs

1338 readers
1 users here now

linux4noobs


Noob Friendly, Expert Enabling

Whether you're a seasoned pro or the noobiest of noobs, you've found the right place for Linux support and information. With a dedication to supporting free and open source software, this community aims to ensure Linux fits your needs and works for you. From troubleshooting to tutorials, practical tips, news and more, all aspects of Linux are warmly welcomed. Join a community of like-minded enthusiasts and professionals driving Linux's ongoing evolution.


Seeking Support?

Community Rules

founded 1 year ago
MODERATORS
 

Hello I am wondering if there is increased network/packet security by connecting to a server over ssh through a VPN hosted by that same server as opposed to without first tunneling by VPN. I imagine with or without tunneling through a VPN there would be latency/speed differences too?

you are viewing a single comment's thread
view the rest of the comments
[–] sxan@midwest.social 8 points 6 months ago (2 children)

Yes.

Using a VPN for all your traffic obscures your usage and hinders surveillance by your internet provider. If you ssh directly to your server, that's one extra bit of information (that you're ssh'ing into the server) your internet provider has about you. Whether this is significant or useful to the provider is questionable, but the short answer is "yes, it provides more security." That said, AI is probably being already used to do pattern analysis on traffic, and they might still be able to tell you're making an ssh connection, unless you're also constantly streaming through the VPN, too.

I'm going to get heat for this, but running a bitcoin wallet on your home computer - whether or not you actually have any coins or are mining - is a great way to generate a variable amount of constant traffic to an endpoint. Hosting a public IPFS, web site, torrent seeds, or Freenet node are also good ways, although some of those require opening ports to inbound connections and could invite attacks.

[–] Ponziani@sh.itjust.works 6 points 6 months ago

Thank you for this excellent answer

[–] refalo@programming.dev 2 points 5 months ago* (last edited 5 months ago) (1 children)

and hinders surveillance by your internet provider

Yes, but it also shifts all that surveillance capability directly to your vpn provider, of whom many are thought/known to be compromised or otherwise mishandle your data. I would argue VPN providers may even be more appropriately situated/equipped to analyze/hand over your data more easily than your local ISP.

Also, SSH does have some obscure design "issues" that might be applicable depending on your threat model, for example one can check if a user has a certain key on the remote end, if you care about that. There's probably more.

[–] sxan@midwest.social 1 points 5 months ago

It's true there's a trust shift; you have to trust someone, even if you're self- hosting your endpoint (unless you also own the hardware the endpoint is running on). The difference is that I can vet my VPN provider, look at third party reviews, and some even get audits... whereas it's been proven that Comcast and Verizon are inserting trackers into your packet data and selling the results.

Can you elaborate a little on why you think a VPN provider is better equipped to analyze or hand over data? On what basis?