An SSH tunnel is a tunnel created through an SSH connection and used to encrypt the data being transmitted. As the Wikipedia article says, “SSH (Secure Shell) is an application-level network protocol that allows remote management of the operating system and tunneling of TCP connections (for example, for file transfers).”
When an SSH tunnel is used, the cleartext traffic of any protocol is encrypted at one end of the SSH connection (the client) and decrypted at the other (the SSH server).
The SSH protocol supports several modes of operation:
- In the first case, the tunneled application must have HTTP / SOCKS proxy settings so that its traffic can be directed through a local proxy server into the SSH tunnel. If there are no such settings, you can use a separate program that sends the application's traffic through a proxy server.
- In the second case, you can set up a practically full-fledged anonymous VPN connection without configuring SOCKS. Starting with version 4.3, OpenSSH can tunnel network interfaces at OSI layers 2 and 3, that is, provide analogues of VPN connections.
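Whether either mode works depends on what the SSH server permits. The following is an added example, not part of the original article: it reads the global section of an sshd_config and reports which of the two modes it allows. The sample configuration is constructed, and the defaults used for absent keywords (AllowTcpForwarding yes, PermitTunnel no) are those documented for OpenSSH.

```python
# Added example: which tunneling modes does an sshd_config allow globally?
# Keyword names and defaults follow OpenSSH's sshd_config(5); the sample
# configuration below is constructed for illustration.
DEFAULTS = {"allowtcpforwarding": "yes", "permittunnel": "no"}


def global_settings(text):
    """Return (settings, has_match) for the global section of an sshd_config.

    sshd keeps the first value it obtains for a keyword. Parsing stops at the
    first Match line, because everything after it applies only conditionally.
    """
    settings, has_match = {}, False
    for raw in text.splitlines():
        # "Keyword value" and "Keyword=value" are both accepted by sshd.
        parts = raw.replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        keyword = parts[0].lower()
        if keyword == "match":
            has_match = True
            break
        if keyword in DEFAULTS and len(parts) > 1:
            settings.setdefault(keyword, parts[1].lower())
    return {**DEFAULTS, **settings}, has_match


def tunnel_modes(text):
    """Map the effective settings to the two modes described above."""
    settings, has_match = global_settings(text)
    fwd, tun = settings["allowtcpforwarding"], settings["permittunnel"]
    return {
        # SOCKS proxying (ssh -D) rides on client-to-server TCP forwarding.
        "socks_proxy": fwd in ("yes", "all", "local"),
        # tun/tap device forwarding, available since OpenSSH 4.3.
        "layer3_tun": tun in ("yes", "point-to-point"),
        "layer2_tap": tun in ("yes", "ethernet"),
        # Match blocks can override the global values for some users or hosts.
        "check_match_blocks": has_match,
    }


SAMPLE = """\
# constructed sample
AllowTcpForwarding local
PermitTunnel=point-to-point
PermitTunnel yes
Match User backup
    PermitTunnel ethernet
"""
```

Calling tunnel_modes(SAMPLE) shows that the later "PermitTunnel yes" line has no effect and that the Match block still needs a manual look.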
VPN or SSH?
Historically, VPN and SSH were meant for different purposes, which explains their pros and cons.
VPN is designed to provide secure remote access to corporate network resources. As soon as the computer connects to the VPN server, it becomes part of the “local” network and can therefore use all of its services: shared resources and local VoIP service. NetBIOS, UDP and broadcast requests also become possible, as do unified VPN policies, and so on. In most cases the traffic of the entire operating system and its applications is sent through the VPN.
SSH was originally intended for secure remote device management. An SSH connection is a connection to a specific device, not to a network. That said, SSH experts can do a lot of cool things with it.
Security. The VPN and SSH protocols are secure enough, with the exception of PPTP. Most possible attacks come down to man-in-the-middle and the substitution of certificates or keys, but that is a matter of authentication and user care.
Convenience. Convenience is a conditional and subjective concept; it depends on your goals and experience. It’s easy to connect to a VPN server, but beginners can find it difficult to configure one. An SSH server is easier to configure, but setting up an SSH tunnel manually for each application, for example, might not seem very convenient.
Speed. The speed of each tool depends on the specific implementation and the protocols used. For a comparison of SSH and OpenVPN, here are the results of research already done:
- Network – 96.5 Mbps.
- Network / SSH – 94.2 Mbps.
- Network / VPN – 32.4 Mbps.
In summary, it’s worth noting that VPN servers are more popular than SSH. There are many commercial VPN providers on the Internet. However, SSH tunnels are also sold in abundance on specialized forums.