wifi ssh tunnel 1st 90 seconds risk?
Hi--
Have figured out how to set up a proxy using socks5 and ssh to protect my browsing, and tsocks to protect my email in wifi hotspots.
What are the risks for someone snooping on what I am doing, during the first 90 seconds or so when I am logging into the café wifi and establishing my ssh tunnel?
My system: Ubuntu 10.04 lts; FF 3.6.20; Evo 2.28.3
Well, as you have explained the situation, you aren't really doing much of anything at that point; so the risk would be minimal.
There is nothing useful to be gained by capturing your association with the AP; and as long as you aren't using clear text SSH passwords or protocol 1, the initial SSH handshaking is completely secure.
However, that is assuming there are no other applications running on the machine which you aren't mentioning. If you had something like an IM client that logged in as soon as an Internet connection came up (and therefore wasn't running through the SSH tunnel) it could be possible that those login credentials could be captured.
Always set up SSH to use digital certificates, and to refuse password-style logins. Use a truly-random passphrase to secure the certificate, rigging the passphrase to a secure keychain. (Macintosh OS/X, for instance, does this automagically in its version of ssh_agent.)
The handshake for SSH does not reveal any information.
If the SSH daemon on the receiving end will accept only a digital certificate as its login credential, and if that certificate is cryptographically secured on your machine ... and if you have a padlock on your laptop even if you leave it "just for a second" ... then there's really nothing for anyone to "snoop."
I don't know if it is correct to say "always set up SSH to use digital certificates". For what he/she is doing, non-keybased authentication is fine (not optimal from a security perspective, but OK). In fact, that isn't even what the OP asked about. It will work fine, even without digital certificates, IMO.
Like MS3FGX stated, ensure every client (such as IM) is disabled first (so that traffic can't be sniffed). Then you'll have nothing to worry about.
Original Poster
MS3FGX, sundialsvcs, and unixfool--
Thank you each for helping me.
At this point, I am using a password, but don't know if it is clear text, and I am not sure how to tell which protocol it is using.
The server man file reports that it defaults to protocol 2, which is what I had expected. The man file also says "The password is sent to the remote host for checking; however, since all communications are encrypted, the password cannot be seen by someone listening on the network."
On the server, ssh -V reports: "OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008"; on the client it reports: "OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009"
The man file on the client reads essentially the same as on the server.
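
One way to answer the "which protocol, and is the password sent in the clear" question from the client side, as an added example that is not part of any poster's message: the function below summarises the debug lines that `ssh -v` writes to stderr. The function name, the output format and the sample log are assumptions made for this illustration; a server announcing version 1.99 is one that accepts both SSH-1 and SSH-2 clients.

```shell
#!/usr/bin/env bash
# Added example: summarise OpenSSH client debug output read from stdin.
# Real use (host is a placeholder):
#   ssh -v user@example.org exit 2>&1 | summarise_ssh_debug

# Constructed sample of `ssh -v` debug lines; not captured from a real session.
SAMPLE_LOG='debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Next authentication method: password
debug1: Authentication succeeded (password).'

# Hypothetical helper: prints one key=value line describing the session.
summarise_ssh_debug() {
    awk '
        # Version announced by the server: 2.0 = SSH-2 only, 1.99 = SSH-1 and SSH-2.
        /^debug1: Remote protocol version / { p = $5; sub(/,$/, "", p); proto = p }
        # Line at which the encryption keys came into effect.
        /^debug1: SSH2_MSG_NEWKEYS received/ { if (!keys) keys = NR }
        # Line at which the client first attempted to authenticate.
        /^debug1: Next authentication method: / { if (!auth) auth = NR }
        # Method that finally succeeded (password, publickey, ...).
        /^debug1: Authentication succeeded \(/ { m = $4; gsub(/[().]/, "", m); method = m }
        END {
            ssh1 = (proto ~ /^1\./) ? "yes" : "no"
            if (proto == "") proto = "unknown"
            if (method == "") method = "none"
            # Credentials are protected only if keys were set before any auth attempt.
            order = (keys && auth) ? ((keys < auth) ? "yes" : "no") : "unknown"
            printf "protocol=%s ssh1_offered=%s auth=%s key_exchange_before_auth=%s\n",
                   proto, ssh1, method, order
        }'
}

printf '%s\n' "$SAMPLE_LOG" | summarise_ssh_debug
# -> protocol=2.0 ssh1_offered=no auth=password key_exchange_before_auth=yes
```
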