Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 04-04-2011, 10:05 PM   #1
Registered: May 2005
Distribution: Fedora
Posts: 92

Rep: Reputation: 15
if visiting an https website is there any added benefit to tunneling through ssh?

Basically, whenever I am on an unencrypted wireless hotspot, I open up an SSH tunnel to my home server to do all my browsing for the privacy and security it provides.

But I got to thinking, and now I am curious, if I am visiting a site like gmail for instance that always uses SSL/TLS for it's connections, is there any added benefit to also using an encrypted tunnel? or is it perhaps superfluous to use both?

Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 04-04-2011, 10:19 PM   #2
Senior Member
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 344Reputation: 344Reputation: 344Reputation: 344
There's no need to tunnel a connection to a site that always uses encryption. You just double the encryption overhead and add latency.
Old 04-05-2011, 01:00 AM   #3
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
I would agree that in most cases there isn't a need for it, but we should probably look at this on a case-by-case basis. For example, if you're far from home and it's important for you to prevent people in your vicinity from knowing which sites you're using, then an SSH tunnel would be of value to you. Also, if you're on a very hostile network, an SSH tunnel may help mitigate your vulnerability to HTTPS-specific attacks being carried-out against you from hosts/nodes in your immediate area/path. Take the recent fraudalent certificate incident as an example. Granted, by using an SSH tunnel to your home, you're only addressing risk at one location, and it's always possible that your home network is at greater risk than a hotspot (in which case you'd be making matters worse), but that brings me back to my point about looking at these things on a case-by-case basis.

In addition, I've noticed that a lot of sites that use HTTPS seem to stick with HTTP (non-SSL) for certain things. Using an SSH tunnel to a less hostile location will protect you from localized sniffing/injection attacks which target those non-secure connections.

So, I would say that the answer to the thread title is "yes, but it depends on the circumstances".

Last edited by win32sux; 04-05-2011 at 01:12 AM.
2 members found this post helpful.
Old 04-05-2011, 05:36 PM   #4
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
Originally Posted by macemoneta View Post
There's no need to tunnel a connection to a site that always uses encryption. You just double the encryption overhead and add latency.
no entirely true. Server-side SSL is not very hard to intercept and can be MITM attacked fairly easily.

as win32 said it is very dependent on the situation but as long as your home connection has the bandwidth to support SSH tunnels or a VPN connection it would not hurt.

personally I have an openvpn connection up almost ALL the time either from my phone, tablet, or any of my laptops.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
X screen crashes while visiting facebook and some regional news(paper) website. kingston Linux - Newbie 7 09-17-2010 01:42 PM
Need help in running my website using secure connection (HTTPS) newbinlinux Linux - Newbie 14 02-25-2010 12:51 AM
problem accessing https website jagroop mand Linux - Enterprise 1 06-22-2005 09:30 AM
Is there any benefit to spoofing SSH version string, and how do I do that? Steve Cronje Linux - Security 2 01-19-2005 05:17 PM
likelihood of being compromised by visiting a suspicious website TheOneAndOnlySM Linux - Security 5 06-28-2004 04:38 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:06 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration