Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
You generally can't - If the ISP or IT staff can't read them, neither can the destination server. One thing that you can do is encrypt the communications by using an intermediate machine.
For example, if you are at the office you can ssh into your home machine and tunnel X. Then open the web browser on your home machine, with the display on your office machine. You can then browse the web, while communications to-from your office remain (strongly) encrypted.
Doing this would require having or installing X on your office machine and setting up an ssh server on your home machine, all of which is freely available. There are many threads on both issues, so if this is a viable solution for you, search the forum.
An even trickier method could be running ssh as a client and server. Could one not ssh to localhost and run the apps through there to the same effect as logging into another machine?
Originally posted by servnov:
"An even trickier method could be running ssh as a client and server. Could one not ssh to localhost and run the apps through there to the same effect as logging into another machine?"
No, the encryption is then only over the local TCP connection (on machine1). The HTTP requests that leave the machine are not encrypted in that case.
Originally posted by servnov:
"Ok, would it work if connecting to the external IP instead of localhost? By the way, thanks for help."
No, if by external IP you mean the IP address of machine1 outside the NAT.
Think about the path of the data. From the web browser to the web server, the data is not encrypted (assuming that you're not using an SSL transaction). From the SSH client to the SSH server, the data is encrypted. If the encrypted portion of the data path ends on machine1, then the browser running on machine1 will be sending unencrypted data from machine1.
The scenario I described in my original post will work because the encryption ends on machine2. The data from machine2 to the web server is then unencrypted. Assuming machine2 is at your home (or any remote location outside the domain of machine1), then those monitoring machine1 have no visibility to the data from machine2 to the web server. They can only see the encrypted stream leaving machine1. To further obscure this, you can put the SSH server running on machine2 on port 443 (the web server SSL port). The ssh session will then look like a (very long) SSL transaction with a web server to any monitoring equipment watching machine1. In that case, you need to specify the port with SSH:
ssh -p443 -Y userid@machine2
Last edited by macemoneta; 08-15-2005 at 10:20 PM.
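Seen from the monitoring side, moving sshd to port 443 only changes the port number: an SSH endpoint still opens with a cleartext `SSH-` identification string (RFC 4253), while TLS opens with a handshake record. The sketch below is an added example, not part of the original thread, showing how a monitor can tell the two apart from the first bytes of a flow; the function names and sample flows are constructed for illustration.

```python
# Added example: classify a TCP flow by its opening bytes rather than its port.
# All sample flows below are constructed (documentation IP ranges).

def classify_first_bytes(payload: bytes) -> str:
    """Return 'tls', 'ssh' or 'unknown' for the first payload bytes of a flow."""
    # TLS record header: content type (0x16 = handshake), 2-byte version
    # (major 0x03), 2-byte length. A plaintext record is at most 2**14 bytes.
    if len(payload) >= 5 and payload[0] == 0x16 and payload[1] == 0x03:
        length = int.from_bytes(payload[3:5], "big")
        if 0 < length <= 2 ** 14:
            return "tls"
    # RFC 4253 section 4.2: each side sends "SSH-protoversion-softwareversion"
    # in cleartext before key exchange. A server may send other lines first,
    # so check every line of the opening data, not just the first.
    for line in payload.split(b"\n"):
        if line.startswith(b"SSH-"):
            return "ssh"
    return "unknown"


def flag_ssh_on_tls_port(flows, tls_port=443):
    """Return (src, dst) pairs for flows on tls_port that open as SSH."""
    return [
        (src, dst)
        for src, dst, dport, first_payload in flows
        if dport == tls_port and classify_first_bytes(first_payload) == "ssh"
    ]


# Constructed sample: (source, destination, destination port, first payload bytes)
SAMPLE_FLOWS = [
    # Ordinary HTTPS: TLS handshake record, version 3.1, length 512
    ("192.0.2.10", "198.51.100.7", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    # SSH server listening on 443, as in the post above
    ("192.0.2.10", "203.0.113.5", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    # SSH on its usual port: not a port/protocol mismatch
    ("192.0.2.11", "203.0.113.5", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    # Plain HTTP sent to 443: neither TLS nor SSH
    ("192.0.2.12", "198.51.100.9", 443, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for src, dst in flag_ssh_on_tls_port(SAMPLE_FLOWS):
        print(f"SSH banner on port 443: {src} -> {dst}")
```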