[SOLVED] if visiting an https website is there any added benefit to tunneling through ssh?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
if visiting an https website is there any added benefit to tunneling through ssh?
Basically, whenever I am on an unencrypted wireless hotspot, I open up an SSH tunnel to my home server to do all my browsing for the privacy and security it provides.
But I got to thinking, and now I am curious, if I am visiting a site like gmail for instance that always uses SSL/TLS for it's connections, is there any added benefit to also using an encrypted tunnel? or is it perhaps superfluous to use both?
Thanks.
Click here to see the post LQ members have rated as the most helpful post in this thread.
I would agree that in most cases there isn't a need for it, but we should probably look at this on a case-by-case basis. For example, if you're far from home and it's important for you to prevent people in your vicinity from knowing which sites you're using, then an SSH tunnel would be of value to you. Also, if you're on a very hostile network, an SSH tunnel may help mitigate your vulnerability to HTTPS-specific attacks being carried-out against you from hosts/nodes in your immediate area/path. Take the recent fraudalent certificate incident as an example. Granted, by using an SSH tunnel to your home, you're only addressing risk at one location, and it's always possible that your home network is at greater risk than a hotspot (in which case you'd be making matters worse), but that brings me back to my point about looking at these things on a case-by-case basis.
In addition, I've noticed that a lot of sites that use HTTPS seem to stick with HTTP (non-SSL) for certain things. Using an SSH tunnel to a less hostile location will protect you from localized sniffing/injection attacks which target those non-secure connections.
So, I would say that the answer to the thread title is "yes, but it depends on the circumstances".
There's no need to tunnel a connection to a site that always uses encryption. You just double the encryption overhead and add latency.
no entirely true. Server-side SSL is not very hard to intercept and can be MITM attacked fairly easily.
as win32 said it is very dependent on the situation but as long as your home connection has the bandwidth to support SSH tunnels or a VPN connection it would not hurt.
personally I have an openvpn connection up almost ALL the time either from my phone, tablet, or any of my laptops.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
