Hello I am wondering if there is increased network/packet security by connecting to a server over ssh through a VPN hosted by that same server as opposed to without first tunneling by VPN. I imagine with or without tunneling through a VPN there would be latency/speed differences too?

  • refalo@programming.dev
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    6 months ago

    and hinders surveillance by your internet provider

    Yes, but it also shifts all that surveillance capability directly to your vpn provider, of whom many are thought/known to be compromised or otherwise mishandle your data. I would argue VPN providers may even be more appropriately situated/equipped to analyze/hand over your data more easily than your local ISP.

    Also, SSH does have some obscure design “issues” that might be applicable depending on your threat model, for example one can check if a user has a certain key on the remote end, if you care about that. There’s probably more.

    • 𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍
      link
      fedilink
      arrow-up
      1
      ·
      6 months ago

      It’s true there’s a trust shift; you have to trust someone, even if you’re self- hosting your endpoint (unless you also own the hardware the endpoint is running on). The difference is that I can vet my VPN provider, look at third party reviews, and some even get audits… whereas it’s been proven that Comcast and Verizon are inserting trackers into your packet data and selling the results.

      Can you elaborate a little on why you think a VPN provider is better equipped to analyze or hand over data? On what basis?