<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 13, 2014 at 1:21 PM, Brian Wood <span dir="ltr"><<a href="mailto:woodbrian77@gmail.com" target="_blank">woodbrian77@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div><div><div><div><br></div>I've been thinking about IPsec recently after not<br>
</div>making much progress with it previously. I'm <br>wondering how it would work with my current<br>
</div>configuration. Currently I run both nginx and<br></div>my code generation service on the same machine.<br></div>I also use ssh to login remotely. If you have IPsec<br></div>running on a server, do you still use ssh to login to<br>
that machine?<br></div></div></div><br></blockquote><div><br></div><div>Yes, you would still use ssh, because its providing a slightly different kind of security, and because its a standard. IPSec can create a secure tunnel between two systems, which gives confidentiality to the systems regarding what services inside that tunnel are running. Its a good(?) solution for securing services that are not very security-aware. SSH is less general, an attacker will know exactly what service is running (though not any tunneled services). It still provides confidentiality, just at a different level. Also, IPSec authenticates systems to each other, whereas ssh authenticates a user to a service, so its a different level of accounting.</div>
<div><br></div><div>Another, perhaps more important, reason to continue using ssh is its a standard, and its likely already there. I wouldn't bother setting up telnetd for an IPSec secured link since chances were I would need ssh anyway at some point. The double encryption on a terminal session is not noticeable. I occasionally have double or triple ssh tunnels forwarding https traffic, and its never caused me performance issues as long as Im not trying to do bulk file transfers. </div>
<div><br></div><div>Jay</div><div> </div></div><br></div></div>