SSH Tunneling and the LEA

Discussion in 'Computer Security' started by jaffy james, Feb 14, 2004.

  1. jaffy james

    jaffy james Guest


    i know SSH is excellent for shielding your activity from your ISP but
    what is stopping the likes of the LEA to tap your SSH tunnel account?

    for example, what could stop them from snooping on you SSH account?
    even though the SSH tunnel is encrypted, there most be a point on the
    servers where the info you request (eg, web page, usenet, etc) will
    first be in plaintext then encrypted, then sent to you, so couldn't
    the server log everything you do?

    if anyone has any info on this, i'd be interested to know a bit more
    about it and how the SSH tunnel works in more detail.


    jaffy james, Feb 14, 2004
    1. Advertisements

  2. the entire ssh session is secure, everything going through it is
    encrypted. what you're looking for/at isn't a problem, what is a problem
    is a "man in the middle" attack. whereby, you need to verify the
    certificate/key you are getting from the server is valid. if it's not,
    be weary. there's different "switches" for different versions of ssh
    clients to verify the key/cert.

    Colonel Flagg

    Privacy at a click:

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Feb 14, 2004
    1. Advertisements

  3. jaffy james

    edo Guest

    better be wary than weary

    ssh chain ?
    ssh_host proxy (cache) ?
    transport protocol [ xxx ] ?
    volume traffic ssh_host ?
    more . . . ?

    desktop <-> ssh_client <- [ SSH TUNNEL ] <-> ssh_server <-> ssh_host <-> .
    .. . [ xxx ] <-> host

    direct control

    desktop <-> ssh_client <- [ SSH TUNNEL ] <-> ssh_server <->

    focus attention
    ssh_host <-> . . . [ xxx ] <-> host
    edo, Feb 17, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.