LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-22-2014, 12:11 PM   #1
WyattOil
LQ Newbie
 
Registered: Jun 2011
Distribution: Suse 11.4
Posts: 13

Rep: Reputation: 10
Question Using ssh to secure wifi traffic while traveling.


A buddy of mine travels quite a bit for work. While on the road, he's constantly having to use wifi connections he comes across. Since wifi can be less than secure, I was wondering if the following would help keep his traffic (and passwords) safe-er.

I was considering setting up a linux box on his network that he could SSH into while on an outside wifi connection, then setup a tunnel so all his traffic would be encrypted.

Does this actually help, or would a bad wifi connection just allow a 'badguy' to grab his SSH key and nullify any benefit to the secure tunnel?

If this isn't a good idea, any other suggestions are welcome.
 
Old 04-22-2014, 01:01 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 & 7
Posts: 3,025

Rep: Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806
Yes, that would work as long as there is no man-in-the-middle attack. That means he has a public key in the known-hosts file of the mobile device, so that he can tell if traffic is intercepted.
 
1 members found this post helpful.
Old 04-22-2014, 01:22 PM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170
A far more effective strategy would be to use VPN, to create a "tunnel" to the remote system, through which all traffic would pass without any special awareness on the part of any application that wished to use the tunnel. Doesn't matter whether the transport is wireless or wired. "It could be carrier-pigeon," ahh, so to speak, and it would still be secure(d).

You should, of course, secure the VPN connection using individual, unique, password-protected cryptographic keys, issued by the host system. (Do not use "PSK == pre-shared-keys == mere passwords.")

The best form of cryptographic security is the most unobtrusive one. It should require no special awareness, and no special procedures, for its successful employment by any user or application that uses it. "It Just Works.™" ssh, on the other hand, does require special awareness and special procedures, without which communications that were supposed to be secure could be utterly and completely disclosed without the awareness of anyone ... "merely due to, say, the carelessness of the operator."

Always remember that the greatest threat to mechanized security is ... ... human realities. Uh huh. Computers may be mechanical, but we humans are not. "Wea culpa."
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Does ssh tunnel for socks 5 do the job for encrypting wifi traffic? centosfan Linux - General 3 09-26-2013 05:28 PM
WiFi traffic gustavolinux Linux - Security 4 11-19-2008 08:12 AM
LXer: Secure your Wi-Fi traffic using FOSS utilities LXer Syndicated Linux News 0 09-12-2006 04:33 PM
LXer: University of Michigan Selects SSH Tectia for Secure System Administration and Secure File Transfers LXer Syndicated Linux News 0 04-25-2006 01:54 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:07 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration