Should you choose SSH over a VPN?

You can enhance your network security and privacy with both SSH (Secure Shell) and VPN (Virtual Private Network) technologies. While both play a crucial role in safeguarding your online activities, which one is best depends on the individual scenario.

SSH is ideal for secure remote access to servers or computers over unsecured networks like the internet. It enables encrypted communication, allowing you to log in securely, execute commands, transfer files, and tunnel to other network services. System administrators and developers commonly rely on SSH for managing remote servers and accessing resources securely.

On the other hand, a VPN establishes a secure and encrypted connection between your device and a private network on the internet. By creating a virtual tunnel, it encrypts your internet traffic, thwarting unauthorized access and interception attempts. VPNs are perfect for protecting your privacy, bypassing geo-restrictions, accessing blocked websites, and securing your connection while using public Wi-Fi networks.

In some cases, it's suitable to combine both technologies. You can set up a VPN connection to secure all your internet traffic and use SSH within that tunnel to access specific resources or manage remote systems.

Read on to learn more about SSH and VPNs and to choose the right solution for you.

VPN disadvantages

Most major VPN providers offer software for your computer and mobile devices that makes going online via a VPN very simple. All you need to do is enter your username and password, then choose the server to which you want to connect.

However, this ease of use can have its downsides. By using your provider's software, you have to trust that your VPN provider hasn't coded in any secret backdoors or left security bugs. 

Even if you use open source software such as OpenVPN Connect, there's no way to be certain that your data is safe. When you connect to a VPN Server, the VPN provider knows your IP address and manages connection requests for websites you visit and services you use.

Many VPN providers are aware of this and claim to have strict "no logs policies" and that they store no information that can be traced back to you personally. Even if this is the case, if the VPN server is compromised by an attacker, they may be able to monitor you in real time to see which sites/apps you're using.

So, if these issues are something you care about and you're not already using SSH, then getting it set up might be right for you.

SSH

The SSH (Secure Shell) protocol was originally designed as a secure way to allow users to log in remotely to a server. It uses a mixture of public key authentication and strong encryption such as AES or ChaCha20. 

While at first, the idea was to allow network admins a safe way to access machines remotely when away from the office, SSH has many other uses. For example, when combined with a process known as Local Port Forwarding, you can use SSH to establish a secure encrypted tunnel to an app server. Provided you have a compatible app, any internet traffic it creates can be sent down this encrypted tunnel to your remote server, protecting your data and IP address.

This can be very helpful, as it gives you much the same advantages as a VPN. Anyone monitoring your ISP's connection records might see that you'd established an SSH tunnel to a server, but they wouldn't be able to know which apps are using it or what data has been sent.

If you use macOS or Linux, this can all be set up via your command line. Windows users must use a third-party app like PuTTY.
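As an added example (not part of the original article), the local port forward described above can be opened from a macOS or Linux shell as follows. The function names are made up for this sketch, and the hosts, ports and SSH destination are whatever the caller supplies.

```shell
#!/bin/sh
# Added example. Hosts, ports and user names passed in are the caller's own;
# nothing here comes from the article.

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_spec LOCAL_PORT TARGET_HOST TARGET_PORT
# Prints the -L argument. Binding to 127.0.0.1 keeps the listener off the
# LAN, so other machines cannot reach the tunnel entrance.
forward_spec() {
    if ! valid_port "$1" || ! valid_port "$3"; then
        echo "forward_spec: port must be 1-65535" >&2
        return 1
    fi
    case "$2" in
        ''|-*|*[!A-Za-z0-9.-]*)
            echo "forward_spec: bad target host" >&2
            return 1 ;;
    esac
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# open_tunnel LOCAL_PORT TARGET_HOST TARGET_PORT SSH_DESTINATION
open_tunnel() {
    spec=$(forward_spec "$1" "$2" "$3") || return 1
    case "$4" in ''|-*) echo "open_tunnel: bad destination" >&2; return 1 ;; esac
    # -N                      tunnel only, no remote shell or command
    # ExitOnForwardFailure    exit if the local port cannot be bound
    # ServerAliveInterval/Max exit after ~45 s without a reply from the server
    ssh -N -L "$spec" \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=15 \
        -o ServerAliveCountMax=3 \
        "$4"
}
```

With the tunnel running, the app is pointed at 127.0.0.1 and the chosen local port. If ssh exits, nothing listens on that port, so an app configured this way gets connection errors instead of reaching the service outside the tunnel.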

SSH disadvantages

If you want to use SSH tunneling to protect your apps, you need to already have your own server or be willing to rent one in order to get set up. You may be able to save some money through using a cloud server or VPS (virtual private server) but in doing so you're faced with the same privacy dilemma as using a VPN Provider, as you're still trusting your data to be managed by a third party.

Unless you have an entire army of servers, you'll also appear to be connecting from the same IP address each time you go online. Although, having a static IP isn't always a bad thing. It can be very useful if you're hosting a website for example. 

Still, it does make your server easier to target, and you won't be able to "geo-spoof" by switching to a server in a different country from within an app.

Most importantly, VPNs operate at the network interface level. In plain English this means all your web data is encrypted each time you connect, not just the apps you happen to have set up for SSH tunnelling.

Unlike SSH software, most major VPN client apps also come with a built-in kill switch that stops all network activity if the VPN connection drops. 

What's best for you?

 

If you already use a server and are comfortable setting up the necessary software on the server and on each app you want to use, then SSH tunneling may be right for you. However, it's much simpler and faster to use a VPN. This can also be much safer, since all your web traffic is encrypted from when you first connect, not just the traffic from select apps.

If you don't have a VPN subscription, take a look at our guide to the very best ones for security and privacy today.  


Nate Drake is a tech journalist specializing in cybersecurity and retro tech. He broke out from his cubicle at Apple 6 years ago and now spends his days sipping Earl Grey tea & writing elegant copy.