SSH is often referred to as ‘the poor man’s VPN’ or ‘the VPN that no-one remembers’ but both are still widely used today and have their advantages and similarities. In this article I will try to explain in layman’s terms how they work, explore the pros and cons of both connection types and point out their best uses.
A simple analogy of VPN (Virtual Private Network) vs SSH (Secure Shell) would be as follows: you are having a telephone conversation from home with your colleagues in a board room elsewhere. With a VPN everybody in the board room is able to hear you and you can hear them, but with SSH only a single person can hear you and they have to forward the message to everybody else. In other words, a VPN connects you to a network and SSH connects you to a single computer.
As their names would suggest, VPN and SSH are both used to ‘tunnel’ network traffic over an encrypted connection, thereby providing you with extra security. For this reason people often ask “Which is the more secure?”. As you can probably guess from the name of our company we are partial to VPNs, but from reading the article you will also realise that SSH is a great tool.
There are two different cases of using VPNs and SSH – internal and external – and both of these will be explored. What we mean by internal is running your own VPN/SSH server and by external is when you connect to a remote service as provided by your company for home working or by a VPN provider for security.
The main difference between SSH and VPN is that VPN works on the transport level while SSH works on an application level. This means that when you install a VPN it automatically routes all your network traffic through a secure tunnel, which is why installing VPN software also installs a virtual network adapter.
On a security level both can be used to provide exactly the same amount of encryption, and from this point of view there is no difference as long as you use the same encryption (see our encryption guide). The upside of using VPNs is that the traffic can be disguised as HTTPS traffic from an interceptor’s view.
Though a VPN is generally easier to set up, the problem is that there is no one unified standard for it. This means that the level of support can vary and you might have problems setting it up. However, modern VPN providers supply very good software and support, so this is only an issue if you plan on running your own VPN server or need to connect to your company’s network.
Pros: Can use UDP or TCP, can disguise traffic
Cons: no unified standard
Uses: Remote access to company resources, providing security
As mentioned above SSH works on an application level. This means that it needs to be configured manually in order to protect all your traffic. Therefore if you wish to set up encryption for all your software, each program needs to be manually configured using your SSH client – usually PuTTY.
In some respects it is good that SSH doesn’t encrypt all your traffic, since this can slow down your connection and not all your programs might need it. On the downside it is much harder to disguise SSH traffic, and some Flash/Java/JS/ActiveX plugins can bypass the connection settings.
As mentioned above SSH is easy to install but it can be hard to set up. This is because you need to configure all connections individually and need to set your browsers to use a SOCKS proxy. SSH, unlike VPN, is a unified system and therefore there is a large amount of support out there.
Pros: doesn’t encrypt all your traffic, cheaper to run, single standardized & unified protocol
Cons: Harder to set up, can only use TCP, doesn’t encrypt all your traffic, hard to disguise traffic, DNS leaks
Uses: remote access to a single computer, providing security
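The ‘DNS leaks’ con comes from how each program talks to the SOCKS proxy that SSH opens: if the program looks up the hostname itself and hands the proxy only an IP address, the DNS query travels outside the tunnel. The following Python parser is an added example, not part of the original article; it reads a SOCKS4, SOCKS4a or SOCKS5 CONNECT request (the sample bytes are constructed) and reports where the name was resolved.

```python
import ipaddress
import struct

def classify_socks_request(data: bytes) -> dict:
    """Parse one SOCKS CONNECT request (the message sent after any SOCKS5
    method negotiation) and report whether DNS ran locally or via the proxy."""
    if not data:
        raise ValueError("empty request")
    version = data[0]
    if version == 5:                      # VER CMD RSV ATYP DST.ADDR DST.PORT
        if len(data) < 5:
            raise ValueError("truncated SOCKS5 request")
        atyp = data[3]
        if atyp == 0x03:                  # domain name: the proxy resolves it
            end = 5 + data[4]
            host, dns = data[5:end].decode("ascii"), "remote"
        elif atyp in (0x01, 0x04):        # IPv4 / IPv6 literal: already resolved
            end = 4 + (4 if atyp == 0x01 else 16)
            host, dns = str(ipaddress.ip_address(data[4:end])), "local"
        else:
            raise ValueError(f"unknown address type {atyp:#x}")
        if len(data) < end + 2:
            raise ValueError("truncated SOCKS5 request")
        (port,) = struct.unpack("!H", data[end:end + 2])
    elif version == 4:                    # VER CMD DSTPORT DSTIP USERID NUL [HOST NUL]
        if len(data) < 9:
            raise ValueError("truncated SOCKS4 request")
        (port,) = struct.unpack("!H", data[2:4])
        ip = data[4:8]
        user_end = data.index(b"\x00", 8)           # end of the USERID field
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            # SOCKS4a marker address 0.0.0.x: hostname follows, proxy resolves it
            host_end = data.index(b"\x00", user_end + 1)
            host, dns = data[user_end + 1:host_end].decode("ascii"), "remote"
        else:
            host, dns = str(ipaddress.ip_address(ip)), "local"
    else:
        raise ValueError(f"not a SOCKS request (version byte {version})")
    return {"version": version, "host": host, "port": port, "dns": dns}

if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        b"\x05\x01\x00\x03\x0bexample.com\x01\xbb",     # SOCKS5, hostname
        b"\x05\x01\x00\x01\xc0\x00\x02\x0a\x01\xbb",    # SOCKS5, IPv4 literal
        b"\x04\x01\x00\x50\x00\x00\x00\x01\x00example.org\x00",  # SOCKS4a
    ]
    for raw in samples:
        print(classify_socks_request(raw))
```

A result of `"dns": "local"` means the program handed the proxy an address it had already obtained, so any lookup it made did not go through the SSH connection.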
In conclusion both VPN and SSH can provide you with the same level of security if properly configured. However SSH is a lot harder to configure and there are far fewer providers to choose from, while there are plenty of VPN providers. Since a VPN automatically encrypts all your traffic and can be disguised, it is – in our opinion at least – a far better system. Of course if you don’t mind not all your traffic being encrypted (e.g. you only need secure browsing and emails) and are willing to learn some technical know-how, then SSH is worth considering. If you really wish to, it is also possible to use the two side-by-side, but this can really sacrifice speed for a level of protection that you probably don’t need.
We recently reviewed Tunnelr – a company that provides both SSH and VPN connections.