NordVPN

VPN vs SSH

Peter Selmeczy

Peter Selmeczy

May 15, 2014

SSH is often referred to as ‘the poor man’s VPN’  or ‘the VPN that no-one remembers’ but both are still widely used today and have their advantages and similarities. In this article I will try and explain in layman’s terms how they work and will also explore the pros and cons of both connection types and point out their best uses.

A simple analogy of VPN (Virtual Private Network) vs SSH (Secure Shell) would be as follows: you are having a telephone conversation from home with your colleagues in a board room elsewhere. With a VPN everybody in the board room is able to hear you and you can hear them but with an SSH only a single person can hear you and they have to forward the message to everybody else. What we are saying is a VPN connects you to a network and SSH to a single computer.

As their names would suggest both VPN and SSH are both used to ‘tunnel’ network traffic using an encrypted connection and thereby providing you with extra security. For this reason people often ask “Which is the more secure?”.As you can probably guess from the name of our company we are partial to VPNs but from reading the article you will also realise that SSH is a great tool.

There are two different cases of using VPNs and SSH – internal and external – and both of these will be explored. What we mean by internal is running your own VPN/SSH server and by external is when you connect to a remote service as provided by your company for home working or by a VPN provider for security.

VPN

The main difference between SSH and VPN is that VPN works on the transport level while SSH works on an application level. This means that when you install a VPN it automatically routes all your network traffic through a secure tunnel and this is why when you install a VPN software it will also install a virtual network adapter.

On a security level both can be used to provide exactly the same amount of encryption and from this point of view there is no difference as long as you use the same encryption (see our encryption guide). The upside of using VPNs is that the traffic can be disguised as HTTPs traffic from an interceptors view.

Though VPN is generally easier to set up the problem is that there is no one unified standard for it. This means that the level of support can vary and you might have problems with setting it up. However with modern VPN providers they provide very good software and support so this is only an issue if you plan on running your own VPN server or need to connect to your company’s network.

Pros: Can use UDP or TCP, can disguise traffic

Cons: no unified standard

Uses: Remote access to company resources, providing security

SSH

As mentioned above SSH works on an application level. This means that it needs to be configured manually in order to protect all your traffic. Therefore if you wish to set-up encryption for all your software it needs to be manually configured using your SSH client – usually PuTTY.

In some aspect it is good that SSH doesn’t encrypt all your traffic since this can slow down your connection and not all your programs might need it. On the downside it is much harder to disguise SSH traffic and some Flash/Java/JS/Activex plugins can bypass the connection settings.

As mentioned above SSH is easy to install but it can be hard to set-up. This is because you need to configure all connections individually and need to set your browsers to use a SOCKS proxy. SSH unlike VPN is a unified system and therefore there is a large amount of support out there.

Pros: doesn’t encrypt all your traffic, cheaper to run, single standardized & unified protocol

Cons: Harder to set up, can only use TCP, doesn’t encrypt all your traffic, hard to disguise traffic, DNS leaks

Uses: remote access to a single computer, providing security

Conclusion

In conclusion both VPN and SSH can provide you with the same level of security if properly configured. However SSH is a lot harder to configure and there a far fewer providers to choose from while there are plenty of VPN providers and since it automatically encrypts all your traffic and can be disguised – in our opinion at least – it is a far better system. Of course if you don’t mind not all your traffic being encrypted (e.g. only need secure browsing and emails) and learning some technical know-how then SSH is worth considering. If you really wish to it is also possible to use the two side-by-side but this can really sacrifice speed for a level of protection that you probably don’t need.

Update:

We recently reviewed Tunnelr – a company that provides both SSH and VPN connections.

Peter Selmeczy

I am an engineer by trade and tech geek by night, who's passionate about sharing his knowledge with the people. Find me on Google+.

3 responses to “VPN vs SSH

  1. In a secure server environment, it is often faster and safer to connect only the ports that you need when there are a limited number of other servers to connect to, and you know what you are buying into in that case. There is no way to know how secure a third party vpn product is, without so much analysis and research that it is impractical, compared to opening a handful of ports on a handful of machines.

    If you are trying to connect to your “work” machine, what I do is set up a vnc server on my desktop, that I can only get into with a single ssh tunnel, and bob’s your uncle, and any/all synchronization issues disappear. The rest of the time it is locked behind the desktop machines carefully considered firewall (which is behind the main firewall).

    I don’t really understand the use case for vpn I guess, as I have access to my desktop as if I’m sitting right there with vnc (or whatever), and in the server environment there are no loose ends, it really couldn’t be simpler.

    1. Hi steveob,

      What you are talking about is connecting to a remote server in order to access to access its resources. Enterprise VPN networks are designed to do something similar, and are primarily about scaling such remote access. Commercial VPN services, however, are doing something very different. Please check out my VPNs for Beginners guide for a detailed discussion on what commercial VPN services do.

  2. As far as I remember, Tunvpn provide only one SSH server (in NL). So, you could have indicated Perfect Privacy in your list. Perfect-Privacy has many VPN servers arould the world, with SSH on _each_ server (plus many other things: http/squid & sock5 proxies on each server, double & triple vpn, and very good non loging policy).

    An other VPN provider offering SSH connection you have not spoken about: ovpn.to.

Leave a Reply

Your email address will not be published. Required fields are marked *

Your Information will never be shared with any third party.
Enter your email address to receive your Beginner's Guide to Online Security for Free
You'll also receive great privacy news and exclusive software deals!
Enter your email to get the ebook:
Your Information will never be shared with any third party.
Enter your email address to receive your Ultimate Online Privacy Guide eBook!
You'll also receive great privacy news and exclusive software deals!
Enter your email to get the eBook:
Special VPN Deal
SAVE 49% TODAY
WITH OUR
Exclusive Offer
Get a Special Deal - 72% OFF!
With a biannual subscription
Exclusive Offer for BestVPN.com Visitors!
50% Off Annual Plan
Limited Time Only
Exclusive price of
$3.25/mo
Exclusive Offer
SAVE 72% TODAY
LIMITED TIME OFFER
Get NordVPN for only
$3.29/month
Exclusive Offer
SAVE 77% TODAY
LIMITED TIME OFFER
Get NordVPN for only
$2.75/month