Erik Anderson: > For a service like this, it's quite likely that IPSec is a better > solution. SSH is great for one-off administrative things, when you > have control over both ends of the tunnel. For offering services to > customers, though, I'd greatly prefer IPSec, likely in transport mode. > Using IPSec will enable you to implement access control and routing > rules much easier than by using SSH tunnels. >From reading more about this I agree that using SSH tunneling has some weaknesses in this context. But IPSec looks difficult to learn and administer. I'm not sure why Github uses SSH tunneling rather than an alternative. Maybe using SSH tunneling doesn't hurt them that much yet. -- Brian Wood Ebenezer Enterprises -- so far G-d has helped us. http://webEbenezer.net (651) 251-9384 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20121213/77aa44b1/attachment.html>