LinuxQuestions.org
01-28-2012, 12:47 PM   #1
loolooyyyy
Member

Registered: Nov 2011
Posts: 36

security of your machine when connecting to exposed server via ssh


If somebody gains control of the server I'm connecting to using SSH (creating a SOCKS tunnel),
does he have access to my machine?
I am behind a router, acting as a firewall, not giving access to ports on my machine from outside the network.

How about when forwarding a single port (port 80)? Do they still have access?
 
01-28-2012, 03:25 PM   #2
unSpawn
Moderator

Registered: May 2001
Posts: 27,118

Quote:
Originally Posted by loolooyyyy
if somebody gains control of the server i'm connecting to (..) does he have access to my machine?
Controlling the remote host you SSH to or through means the perp in theory controls whatever you execute on, get from or send through that host. Since you only tunnel encrypted SSH traffic through the remote host and don't allow new connections to your LAN machine behind your LAN router / firewall and only use SSH with pubkey auth and your remote host uses a unique password or (better) pass-phrase, the risk of the perp finding a way in through that connection is infinitesimal.
 
1 members found this post helpful.
01-29-2012, 03:26 PM   #3
loolooyyyy
Member

Registered: Nov 2011
Posts: 36

Original Poster
Since the way SSH works for tunneling is creating another SSH connection from server to host (my machine), doesn't this mean they have access for execution of commands?
 
01-29-2012, 04:10 PM   #4
unSpawn
Moderator

Registered: May 2001
Posts: 27,118

Looks like something you could do the groundwork for yourself: create your SSH tunnel (you never listed if you were using a reverse tunnel or not BTW), log in on the remote host, then try to execute commands through your tunnel.
 
01-30-2012, 07:58 AM   #5
loolooyyyy
Member

Registered: Nov 2011
Posts: 36

Original Poster
Dear unSpawn,
I'm using the reverse tunnel for bypassing some restriction (a SOCKS proxy). That's what the -D option does (reverse tunnel), right?
 
01-30-2012, 08:37 AM   #6
unSpawn
Moderator

Registered: May 2001
Posts: 27,118

"-D" just means dynamic and using it doesn't make it a "reverse tunnel".
 
1 members found this post helpful.
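
The distinction drawn in post #6, as an added example that is not part of the original thread: this script sorts the forwarding options on an ssh command line by which side they let start new connections, so a `-D` tunnel shows up as client-initiated and only `-R` (a reverse tunnel) as reaching back. It goes slightly beyond the thread by also flagging `-A` and `-X`/`-Y`; the function names are hypothetical and `server.example` is a constructed placeholder host.

```sh
#!/bin/sh
# Added example: sort the forwarding options on an ssh command line by which
# side they let start new connections. Function names are hypothetical.

audit_ssh_args() (
    while [ "$#" -gt 0 ]; do
        arg=$1; shift
        case $arg in
            -?*) rest=${arg#-} ;;   # option word, possibly bundled like -fND
            *)   break ;;           # first plain word is the destination
        esac
        while [ -n "$rest" ]; do
            c=${rest%"${rest#?}"}; rest=${rest#?}   # peel off one option letter
            case $c in
                D) echo "client-initiated: -D SOCKS listener on the client; server relays outbound traffic" ;;
                L) echo "client-initiated: -L listener on the client; server connects on to the named target" ;;
                R) echo "server-reachable: -R listener on the server; connections to it come out on the client side" ;;
                A) echo "server-reachable: -A lets the server side use the client's ssh-agent keys" ;;
                X|Y) echo "server-reachable: -X/-Y lets programs on the server reach the client's X display" ;;
            esac
            case $c in
                # Options that take a value, per ssh(1): the value is the rest
                # of this word or, if that is empty, the next word.
                [BbcDEeFIiJLlmOoPpQRSWw])
                    if [ -z "$rest" ] && [ "$#" -gt 0 ]; then shift; fi
                    rest= ;;
            esac
        done
    done
)

# True (exit 0) when any option lets the server side reach back to the client.
exposes_client() {
    audit_ssh_args "$@" | grep -q '^server-reachable:'
}

# Constructed command lines; server.example is a placeholder host.
audit_ssh_args -N -D 1080 user@server.example
audit_ssh_args -fN -A -R 8022:localhost:22 user@server.example
```

Only command-line flags are inspected; forwarding enabled through `-o` or `ssh_config` (for example `ForwardAgent`) is not seen by this check.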
01-31-2012, 05:35 AM   #7
loolooyyyy
Member

Registered: Nov 2011
Posts: 36

Original Poster
Thank you unSpawn!! A lot
 
  

