SSH is often referred to as 'the poor man's VPN' or 'the VPN that no-one remembers' but both are still widely used today and have their advantages and similarities. In this I will try and explain in layman's terms how they work and will also explore the pros and cons of both connection types and point out their best uses.
A simple analogy of VPN (Virtual Private Network) vs SSH (Secure Shell) would be as follows: you are having a telephone conversation from home with your colleagues in a board room elsewhere. With a VPN everybody in the board room is able to hear you and you can hear them but with an SSH only a single person can hear you and they have to forward the message to everybody else. What we are saying is a VPN connects you to a network and SSH to a single computer.
As their names would suggest both VPN and SSH are both used to 'tunnel' network traffic using an encrypted connection and thereby providing you with extra security. For this people often ask "Which is the more secure?".As you can probably guess from the name of our company we are partial to VPNs but from reading the article you will also realise that SSH is a great tool.
There are two different cases of using VPNs and SSH - internal and external - and both of these will be explored. What we mean by internal is running your own VPN/SSH server and by external is when you connect to a remote service as provided by your company for home working or by a VPN provider for security.
The main difference between SSH and VPN is that VPN works on the transport level while SSH works on an application level. This means that when you install a VPN it automatically routes all your network traffic through a secure VPN tunnel and this is why when you install a VPN software it will also install a virtual network adapter.
On a security level both can be used to provide exactly the same amount of encryption and from this point of there is no difference as long as you use the same encryption (see our encryption guide). The upside of using VPNs is that the traffic can be disguised as HTTPs traffic from an interceptors view.
Though VPN is generally easier to set up the problem is that there is no one unified standard for it. This means that the level of support can vary and you might have problems with setting it up. with modern VPN they provide very good software and support so this is only an issue if you plan on running your own VPN server or need to connect to your company's network.
Pros: Can use UDP or TCP, can disguise traffic
Cons: no unified standard
Uses: Remote access to company resources, providing security
As mentioned above SSH works on an application level. This means that it needs to be configured manually in order to protect all your traffic. Therefore if you wish to set-up encryption for all your software it needs to be manually configured using your SSH client - usually PuTTY.
In some it is good that SSH doesn't encrypt all your traffic since this can slow down your connection and not all your programs might need it. On the it is much harder to disguise SSH traffic and some Flash/Java/JS/Activex plugins can bypass the connection settings.
As mentioned above SSH is easy to install but it can be hard to set-up. This is because you need to configure all connections individually and need to set your browsers to use a SOCKS proxy. SSH is a unified system and therefore there is a large amount of support out there.
Pros: doesn't encrypt all your traffic, cheaper to run, single standardized & unified protocol
Cons: Harder to set up, can only use TCP, doesn't encrypt all your traffic, hard to disguise traffic, DNS leaks
Uses: remote access to a single computer, providing security
In both VPN and SSH can provide you with the same level of security if properly configured. However SSH is a lot harder to configure and there to choose from while there are plenty of VPN providers and since it automatically encrypts all your traffic and can be disguised - in our opinion at least - it is a far better system. Of if you don't mind all your traffic encrypted (e.g. only need secure browsing and emails) and learning some technical know-how then SSH is worth considering. If you really wish to it is also possible to use the two side-by-side but this can really sacrifice speed for a level of protection that you probably don't need.