Archive for December, 2005

Why OpenSSH should not take on OpenVPN

Tuesday, December 27th, 2005

Security tools should be simple. They should do one thing and do it well. The SSH people have said that they are adding VPN support. This, I think, is a particularly bad idea.

Companies are paranoid about security. Many companies already ban VPN programs because they punch holes in their carefully blocked-up firewalls. Would they, should they, ban SSH as being a VPN tool? Even the current port forwarding features in ssh have caused problems with people's security arrangements: with it, people can start punching holes through your precious firewall. Imagine how much worse it will be if they have full IP access to every port on every machine inside your network. Some companies have already banned ssh because of the port forwarding argument.

What advantage does SSH having VPN capabilities have? If you were a network manager, would you require people to use VPN software? Would you allow people to use ssh?
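For a network manager who allows ssh but wants it to stay a login tool, the server-side directives `AllowTcpForwarding`, `GatewayPorts` and `PermitTunnel` decide whether a session can carry other traffic. The audit below is an added example, not part of the original post; the "shell only" policy and the sample configuration are assumptions made for illustration.

```python
# Added example: audit sshd_config text for forwarding and tunnel settings.

# OpenSSH defaults for the directives that let a login carry other traffic.
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no", "permittunnel": "no"}

# Values a "shell only" policy accepts (an assumption of this example).
POLICY = {"allowtcpforwarding": {"no"}, "gatewayports": {"no"}, "permittunnel": {"no"}}

def audit(config_text):
    """Return sorted (scope, directive, value) tuples that violate POLICY."""
    scope = "global"
    seen = {}  # (scope, directive) -> value
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or '='.
        fields = line.replace("=", " ", 1).split(None, 1)
        if len(fields) < 2:
            continue
        key, value = fields[0].lower(), fields[1].strip()
        if key == "match":
            # A Match block runs until the next Match line or end of file.
            scope = "match " + value
            continue
        if key in POLICY:
            # sshd uses the first value it reads for a keyword, so keep that one.
            seen.setdefault((scope, key), value.lower())
    # Directives never set globally fall back to the built-in default.
    for key, default in DEFAULTS.items():
        seen.setdefault(("global", key), default)
    return sorted((s, k, v) for (s, k), v in seen.items() if v not in POLICY[k])

# Constructed sample configuration, not taken from any real host.
SAMPLE = """\
Port 22
AllowTcpForwarding yes
AllowTcpForwarding no
PermitTunnel point-to-point
Match Group admins
    GatewayPorts clientspecified
    AllowTcpForwarding no
"""

if __name__ == "__main__":
    for scope, directive, value in audit(SAMPLE):
        print(f"{scope}: {directive} = {value}")
```

These directives only govern sshd servers you run yourself; they do not restrict what an inside user's ssh client does when it connects out to a server someone else controls.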