LinuxQuestions.org
Old 08-20-2011, 02:35 PM   #1
dgermann
Member
 
Registered: Aug 2004
Distribution: Ubuntu 8.04.1 desk; Red Hat 9.0 server
Posts: 298

Rep: Reputation: 30
wifi ssh tunnel 1st 90 seconds risk?


Hi--

Have figured out how to set up a proxy using socks5 and ssh to protect my browsing, and tsocks to protect my email in wifi hotspots.

What are the risks for someone snooping on what I am doing, during the first 90 seconds or so when I am logging into the café wifi and establishing my ssh tunnel?

My system: Ubuntu 10.04 lts; FF 3.6.20; Evo 2.28.3

Thanks!
 
Old 08-20-2011, 07:44 PM   #2
MS3FGX
Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 351
Well, as you have explained the situation, you aren't really doing much of anything at that point; so the risk would be minimal.

There is nothing useful to be gained by capturing your association with the AP; and as long as you aren't using clear text SSH passwords or protocol 1, the initial SSH handshaking is completely secure.

However, that is assuming there are no other applications running on the machine which you aren't mentioning. If you had something like an IM client that logged in as soon as an Internet connection came up (and therefore wasn't running through the SSH tunnel) it could be possible that those login credentials could be captured.
 
Old 08-21-2011, 04:18 PM   #3
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,425

Rep: Reputation: 1159
Always set up SSH to use digital certificates, and to refuse password-style logins. Use a truly-random passphrase to secure the certificate, rigging the passphrase to a secure keychain. (Macintosh OS/X, for instance, does this automagically in its version of ssh_agent.)

The handshake for SSH does not reveal any information.

If the SSH daemon on the receiving end will accept only a digital certificate as its login credential, and if that certificate is cryptographically secured on your machine ... and if you have a padlock on your laptop even if you leave it "just for a second" ... then there's really nothing for anyone to "snoop."
 
Old 08-22-2011, 04:24 PM   #4
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157
I don't know if it is correct to say "always set up SSH to use digital certificates". For what he/she is doing, non-keybased authentication is fine (not optimal from a security perspective, but OK). In fact, that isn't even what the OP asked about. It will work fine, even without digital certificates, IMO.

Like MS3FGX stated, ensure every client (such as IM) is disabled first (so that traffic can't be sniffed). Then you'll have nothing to worry about.
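The check suggested in the replies above (nothing should be talking to the network outside the tunnel) can be done from the socket table. The following is an added example, not part of the original posts: it filters `ss -tn` output for established TCP connections that go neither to the SSH server nor to loopback. The server address, ports and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list established TCP connections that bypass the SSH tunnel.
# Input: `ss -tn` output on stdin. $1 = tunnel server IP, $2 = its SSH port.
outside_tunnel() {
    awk -v srv="$1" -v port="${2:-22}" '
        $1 != "ESTAB" { next }                  # skip header and other states
        {
            peer = $5
            if (peer == (srv ":" port)) next    # the tunnel itself
            # loopback, e.g. browser -> local SOCKS listener
            if (peer ~ /^127\./ || peer ~ /^\[::1\]:/) next
            print peer                          # everything else is outside the tunnel
        }'
}

# Constructed sample of `ss -tn` output (documentation address ranges).
sample_ss() {
cat <<'EOF'
State      Recv-Q Send-Q   Local Address:Port     Peer Address:Port
ESTAB      0      0        192.168.1.23:51514     203.0.113.10:22
ESTAB      0      0        127.0.0.1:40112        127.0.0.1:1080
ESTAB      0      0        192.168.1.23:38422     198.51.100.7:5222
ESTAB      0      0        192.168.1.23:45310     198.51.100.44:143
EOF
}

# On a live system: ss -tn | outside_tunnel <server-ip> 22
sample_ss | outside_tunnel 203.0.113.10 22
```

This covers TCP only; UDP traffic such as DNS lookups needs a separate check.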
 
Old 08-22-2011, 10:07 PM   #5
dgermann
Member
 
Registered: Aug 2004
Distribution: Ubuntu 8.04.1 desk; Red Hat 9.0 server
Posts: 298

Original Poster
Rep: Reputation: 30

MS3FGX, sundialsvcs, and unixfool--

Thank you each for helping me.

At this point, I am using a password, but don't know if it is clear text, and I am not sure how to tell which protocol it is using.

The server man file reports that it defaults to protocol 2, which is what I had expected. The man file also says "The password is sent to the remote host for checking; however, since all communications are encrypted, the password cannot be seen by someone listening on the network."

On the server, ssh -V reports: "OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008"; on the client it reports: "OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009"

The man file on the client reads essentially the same as on the server.

Does OP = Original Poster?

What does AP mean?

Thanks for all your help!

:- Doug.
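One way to see which protocol version and authentication method a session actually used is to read the client's `ssh -v` debug output. The following is an added example, not part of the original posts: it summarises the relevant debug lines, and the sample log and host name are constructed. A remote version of 1.99 means the server accepts both protocol 1 and protocol 2.

```shell
#!/bin/sh
# Added example: summarise protocol version and auth method from `ssh -v`
# debug output read on stdin.
ssh_debug_summary() {
    awk '
        /Remote protocol version/ { ver = $5; sub(/,$/, "", ver) }
        /Authentication succeeded/ { method = $4; gsub(/[().]/, "", method) }
        END {
            if (ver == "")          note = "no version line found"
            else if (ver ~ /^2\./)  note = "server offers protocol 2 only"
            else if (ver == "1.99") note = "server also accepts protocol 1"
            else                    note = "protocol 1 server"
            if (method == "") method = "unknown"
            printf "protocol=%s (%s) auth=%s\n", ver, note, method
        }'
}

# Constructed sample of client debug output (host and address are placeholders).
sample_debug() {
cat <<'EOF'
debug1: Connecting to server.example [203.0.113.10] port 22.
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: Enabling compatibility mode for protocol 2.0
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
EOF
}

# On a live system the debug lines go to stderr:
#   ssh -v user@host true 2>&1 | ssh_debug_summary
sample_debug | ssh_debug_summary
```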
 
Old 08-24-2011, 11:43 PM   #6
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157
Yeah, OP means original poster. AP is 'access point'.
 
Old 08-25-2011, 10:11 AM   #7
dgermann
Member
 
Registered: Aug 2004
Distribution: Ubuntu 8.04.1 desk; Red Hat 9.0 server
Posts: 298

Original Poster
Rep: Reputation: 30

unixfool--

Many thanks!
 
  



Tags
ssh, tunnel, wifi


All times are GMT -5.
