SSH tunnel question

Ben Scott dragonhawk at gmail.com
Wed Feb 27 22:36:30 EST 2008


On Wed, Feb 27, 2008 at 9:52 PM, Neil Joseph Schelly
<neil at jenandneil.com> wrote:
> ... he wanted to be able to access his machine
>  (didn't think he said how) and that he was intending to use SSH and port
>  forwarding to do it.

  Ah, good point.  On re-reading, it could be either.  He said "I use
ssh", but that doesn't mean that's the *only* thing he's interested in
using.

>  OpenVPN is not hard (certainly not as hard as you make it out to be)

  I didn't say it was hard.  Indeed, I said it wasn't all that hard.
But what I was after was that OpenVPN would be *more*.  If you're just
after SSH, and you've got SSH, and SSH is working, then adding OpenVPN
is always going to be more work than not adding anything.  If Y > 0,
then X < X+Y.  :)

> As I said, I'm sure it's written up in a quick how-to somewhere ...

  It is.  The OpenVPN docs are pretty good, and cover this situation
explicitly.  But reading the OpenVPN docs would involve more effort
than not reading them.  :)

> If you don't assume he only wants SSH, perhaps he also wanted to be able to
> visit the web server running on the remote machine, or some other service.

  Certainly, if you want to connect to arbitrary services, a VPN is
the way to go.

> I just offered an option that to me, sounded easier than all the
> port-forwarding in SSH over reverse SSH connections with
> port forwarding, etc...

  Heh.  SSH port forwarding isn't as hard as you make it out to be.
:-D  Indeed, having used SSH for years, I'd say SSH port forwarding is
even easier than OpenVPN.  Sure, OpenVPN is pretty easy, but SSH is
even easier.  Adding OpenVPN requires another daemon, another set of
keys, another set of configuration, some IP addresses, and some
firewall rules.  Not much, but more than nothing.  Adding an SSH port
forward is as simple as typing "-L foo:bar:baz".  :)

-- Ben


More information about the gnhlug-discuss mailing list