SSH Tunneling and the LEA

Discussion in 'Computer Security' started by jaffy james, Feb 14, 2004.

  1. jaffy james

    jaffy james Guest

    hi,

    i know SSH is excellent for shielding your activity from your ISP but
    what is stopping the likes of the LEA to tap your SSH tunnel account?

    for example, what could stop them from snooping on you SSH account?
    even though the SSH tunnel is encrypted, there most be a point on the
    servers where the info you request (eg, web page, usenet, etc) will
    first be in plaintext then encrypted, then sent to you, so couldn't
    the server log everything you do?

    if anyone has any info on this, i'd be interested to know a bit more
    about it and how the SSH tunnel works in more detail.

    cheers,

    jaffy
     
    jaffy james, Feb 14, 2004
    #1
    1. Advertising

  2. In article <>,
    says...
    > hi,
    >
    > i know SSH is excellent for shielding your activity from your ISP but
    > what is stopping the likes of the LEA to tap your SSH tunnel account?
    >
    > for example, what could stop them from snooping on you SSH account?
    > even though the SSH tunnel is encrypted, there most be a point on the
    > servers where the info you request (eg, web page, usenet, etc) will
    > first be in plaintext then encrypted, then sent to you, so couldn't
    > the server log everything you do?
    >
    > if anyone has any info on this, i'd be interested to know a bit more
    > about it and how the SSH tunnel works in more detail.
    >
    > cheers,
    >
    > jaffy
    >



    the entire ssh session is secure, everything going through it is
    encrypted. what you're looking for/at isn't a problem, what is a problem
    is a "man in the middle" attack. whereby, you need to verify the
    certificate/key you are getting from the server is valid. if it's not,
    be weary. there's different "switches" for different versions of ssh
    clients to verify the key/cert.




    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
     
    Colonel Flagg, Feb 14, 2004
    #2
    1. Advertising

  3. jaffy james

    edo Guest

    On Sat, 14 Feb 2004, Colonel Flagg wrote:
    >jaffy
    >>
    >> i know SSH is excellent for shielding your activity from your ISP but
    >> what is stopping the likes of the LEA to tap your SSH tunnel account?
    >>
    >> for example, what could stop them from snooping on you SSH account?
    >> even though the SSH tunnel is encrypted, there most be a point on the
    >> servers where the info you request (eg, web page, usenet, etc) will
    >> first be in plaintext then encrypted, then sent to you, so couldn't
    >> the server log everything you do?
    >>
    >> if anyone has any info on this, i'd be interested to know a bit more
    >> about it and how the SSH tunnel works in more detail.
    >>

    >
    >
    >the entire ssh session is secure, everything going through it is
    >encrypted. what you're looking for/at isn't a problem, what is a problem
    >is a "man in the middle" attack. whereby, you need to verify the
    >certificate/key you are getting from the server is valid. if it's not,
    >be weary. there's different "switches" for different versions of ssh
    >clients to verify the key/cert.
    >


    better be wary than weary

    factors
    ssh chain ?
    ssh_host proxy (cache) ?
    transport protocol [ xxx ] ?
    volume traffic ssh_host ?
    more . . . ?

    desktop <-> ssh_client <- [ SSH TUNNEL ] <-> ssh_server <-> ssh_host <-> .
    .. . [ xxx ] <-> host

    direct control

    desktop <-> ssh_client <- [ SSH TUNNEL ] <-> ssh_server <->

    focus attention
    ssh_host <-> . . . [ xxx ] <-> host
     
    edo, Feb 17, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John Sasso

    Split Tunneling and Cisco VPN client

    John Sasso, Aug 26, 2004, in forum: Cisco
    Replies:
    1
    Views:
    6,811
    Scooby
    Aug 26, 2004
  2. Bob Smith
    Replies:
    3
    Views:
    5,808
    Bob Smith
    Nov 10, 2004
  3. ZChuck
    Replies:
    3
    Views:
    2,742
    Walter Roberson
    Jul 11, 2005
  4. Matthew Poole

    Problem tunneling ICQ over SSH

    Matthew Poole, Nov 4, 2004, in forum: NZ Computing
    Replies:
    1
    Views:
    482
    Oliver Pfeiffer
    Nov 23, 2004
  5. richard
    Replies:
    13
    Views:
    642
    Mike Yetto
    Jul 1, 2009
Loading...

Share This Page