
dgermann 08-20-2011 01:35 PM

wifi ssh tunnel 1st 90 seconds risk?

Have figured out how to set up a proxy using socks5 and ssh to protect my browsing, and tsocks to protect my email in wifi hotspots.

What are the risks for someone snooping on what I am doing, during the first 90 seconds or so when I am logging into the café wifi and establishing my ssh tunnel?

My system: Ubuntu 10.04 LTS; FF 3.6.20; Evo 2.28.3


MS3FGX 08-20-2011 06:44 PM

Well, as you have explained the situation, you aren't really doing much of anything at that point; so the risk would be minimal.

There is nothing useful to be gained by capturing your association with the AP; and as long as you aren't using clear text SSH passwords or protocol 1, the initial SSH handshaking is completely secure.

However, that is assuming there are no other applications running on the machine which you aren't mentioning. If you had something like an IM client that logged in as soon as an Internet connection came up (and therefore wasn't running through the SSH tunnel) it could be possible that those login credentials could be captured.
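The gap MS3FGX describes (an auto-connecting client talking to the open wifi before the tunnel exists) can be closed mechanically rather than by remembering to quit every client. The script below is an added example, not code from the thread or from either poster: it drops every outbound packet except DHCP and the single TCP connection to the SSH server, starts the SOCKS tunnel, and only reports success once the local SOCKS port is listening. The server address, ports and the use of iptables and sudo are assumptions. No DNS rule is added on purpose, so the server must be given as an IP literal; a captive portal, if any, is allowed only by naming its host in PORTAL_IP.

```shell
#!/bin/sh
# Added example, not from the thread. A pre-tunnel "kill switch": before the
# SSH SOCKS tunnel exists, drop every outbound packet except DHCP and the one
# TCP connection to the SSH server, so an IM or mail client that auto-connects
# cannot leak credentials over the open wifi. Assumptions (hypothetical):
# iptables, sudo, and an SSH server reachable by IP literal.

SERVER_IP="${SERVER_IP:-203.0.113.5}"     # assumed server address (documentation range)
SERVER_PORT="${SERVER_PORT:-22}"
SOCKS_PORT="${SOCKS_PORT:-1080}"
PORTAL_IP="${PORTAL_IP:-}"                # optional captive-portal host to allow on 80/443

# Print the iptables commands that lock the OUTPUT chain down. Kept as text so
# the rule set can be reviewed before being fed to 'sudo sh'.
build_rules() {
    server="$1"; port="$2"; portal="${3:-}"
    cat <<EOF
iptables -F OUTPUT
iptables -P OUTPUT DROP
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A OUTPUT -d $server -p tcp --dport $port -j ACCEPT
EOF
    # A captive portal needs plain HTTP(S) to one host; allow only that host.
    if [ -n "$portal" ]; then
        printf 'iptables -A OUTPUT -d %s -p tcp -m multiport --dports 80,443 -j ACCEPT\n' "$portal"
    fi
}

# Print the commands that undo the lockdown.
build_restore() {
    printf 'iptables -P OUTPUT ACCEPT\niptables -F OUTPUT\n'
}

# Poll until something listens on local TCP <port>; returns 1 after <tries> seconds.
wait_for_socks() {
    port="$1"; tries="${2:-30}"
    while [ "$tries" -gt 0 ]; do
        if { ss -ltn 2>/dev/null || netstat -ltn 2>/dev/null; } | grep -Eq "[:.]${port}[[:space:]]"; then
            return 0
        fi
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# Lock down, start ssh with a dynamic (SOCKS) forward, confirm the listener.
# -f: go to background only after authentication (so any passphrase prompt is
# in the foreground); -N: no remote command; -D: SOCKS listener;
# ExitOnForwardFailure: fail instead of silently running without the forward.
tunnel_up() {
    build_rules "$SERVER_IP" "$SERVER_PORT" "$PORTAL_IP" | sudo sh -e
    ssh -f -N -o ExitOnForwardFailure=yes -D "127.0.0.1:$SOCKS_PORT" "$SERVER_IP" || return 1
    if ! wait_for_socks "$SOCKS_PORT" 30; then
        echo "tunnel did not come up; outbound traffic stays blocked" >&2
        return 1
    fi
    echo "SOCKS tunnel ready on 127.0.0.1:$SOCKS_PORT; start Firefox and tsocks clients now"
}

case "${1:-}" in
    up)   tunnel_up ;;
    down) build_restore | sudo sh -e ;;
    show) build_rules "$SERVER_IP" "$SERVER_PORT" "$PORTAL_IP" ;;
esac
```

Run `./tunnel.sh show` to inspect the rules, `up` before opening any client, `down` when leaving. Two caveats follow from blocking DNS: Firefox must resolve names through the proxy (`network.proxy.socks_remote_dns` set to true), and tsocks intercepts `connect()` but not name lookups, so a tsocks-wrapped Evolution only reaches a mail server that is named in /etc/hosts or given by IP.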

sundialsvcs 08-21-2011 03:18 PM

Always set up SSH to use digital certificates, and to refuse password-style logins. Use a truly-random passphrase to secure the certificate, rigging the passphrase to a secure keychain. (Mac OS X, for instance, does this automagically in its version of ssh-agent.)

The handshake for SSH does not reveal any information.

If the SSH daemon on the receiving end will accept only a digital certificate as its login credential, and if that certificate is cryptographically secured on your machine ... and if you have a padlock on your laptop even if you leave it "just for a second" :eek: ... then there's really nothing for anyone to "snoop."

unixfool 08-22-2011 03:24 PM

I don't know if it is correct to say "always set up SSH to use digital certificates". For what he/she is doing, non-keybased authentication is fine (not optimal from a security perspective, but OK). In fact, that isn't even what the OP asked about. It will work fine, even without digital certificates, IMO.

Like MS3FGX stated, ensure every client (such as IM) is disabled first (so that traffic can't be sniffed). Then you'll have nothing to worry about.

dgermann 08-22-2011 09:07 PM

MS3FGX, sundialsvcs, and unixfool--

Thank you each for helping me.

At this point, I am using a password, but don't know if it is clear text, and I am not sure how to tell which protocol it is using.

The server man file reports that it defaults to protocol 2, which is what I had expected. The man file also says "The password is sent to the remote host for checking; however, since all communications are encrypted, the password cannot be seen by someone listening on the network."

On the server, ssh -V reports: "OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008"; on the client it reports: "OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009"

The man file on the client reads essentially the same as on the server.

Does OP = Original Poster?

What does AP mean?

Thanks for all your help!

:- Doug.
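Two of the questions in this thread can be answered by looking rather than guessing: whether the server refuses SSH-1 and password logins (what sundialsvcs recommends), and which protocol version and authentication method the client actually negotiated (what dgermann asks). The script below is an added example, not code from the thread: one function audits an sshd_config read from standard input, another condenses `ssh -v` output into a single line. The weak and hardened config files and the `ssh -v` excerpt it ships with are constructed samples, and the account name and path in them are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. (1) audit_sshd_config flags an sshd_config
# that still offers SSH-1 or accepts passwords; (2) summarize_ssh_debug reports
# what 'ssh -v' says was negotiated. All sample input below is constructed.

# Audit an sshd_config read from stdin; prints one finding per line, nothing
# when the file is acceptable. As in sshd, the first value for a keyword wins;
# anything after a 'Match' block is conditional and is not examined here.
audit_sshd_config() {
    proto=''; pass=''; pubkey=''; chal=''; root=''
    while read -r key val _; do
        case "$key" in ''|'#'*) continue ;; esac
        lkey=$(printf '%s' "$key" | tr 'A-Z' 'a-z')   # keywords are case-insensitive
        lval=$(printf '%s' "$val" | tr 'A-Z' 'a-z')
        case "$lkey" in
            match)                           break ;;
            protocol)                        [ -n "$proto" ]  || proto=$lval ;;
            passwordauthentication)          [ -n "$pass" ]   || pass=$lval ;;
            pubkeyauthentication)            [ -n "$pubkey" ] || pubkey=$lval ;;
            challengeresponseauthentication) [ -n "$chal" ]   || chal=$lval ;;
            permitrootlogin)                 [ -n "$root" ]   || root=$lval ;;
        esac
    done
    # OpenSSH 4.x/5.x defaults for keywords that are absent or commented out.
    : "${proto:=2}" "${pass:=yes}" "${pubkey:=yes}" "${chal:=yes}" "${root:=yes}"
    case "$proto" in
        *1*) echo "WEAK: Protocol $proto still offers SSH-1; set 'Protocol 2'" ;;
    esac
    [ "$pass" = no ]    || echo "WEAK: PasswordAuthentication $pass; set 'no' so only keys are accepted"
    [ "$chal" = no ]    || echo "WEAK: ChallengeResponseAuthentication $chal; PAM can still prompt for the password"
    [ "$pubkey" = yes ] || echo "BROKEN: PubkeyAuthentication $pubkey would lock keys out"
    [ "$root" = no ]    || echo "WEAK: PermitRootLogin $root"
}

# Condense 'ssh -v' debug output (read from stdin) into one line.
summarize_ssh_debug() {
    log=$(cat)
    proto=$(printf '%s\n' "$log"   | sed -n 's/^debug1: Remote protocol version \([0-9.]*\),.*/\1/p' | head -n 1)
    offered=$(printf '%s\n' "$log" | sed -n 's/^debug1: Authentications that can continue: //p' | head -n 1)
    used=$(printf '%s\n' "$log"    | sed -n 's/^debug1: Authentication succeeded (\(.*\))\.$/\1/p' | head -n 1)
    echo "protocol=${proto:-?} offered=${offered:-?} used=${used:-none}"
}

# Constructed: a config that relies on defaults and still lists protocol 1.
weak_sshd_config() {
    cat <<'EOF'
Port 22
Protocol 2,1
#PermitRootLogin yes
#PasswordAuthentication yes
UsePAM yes
EOF
}

# Constructed: the hardened version (protocol 2 only, keys only).
hardened_sshd_config() {
    cat <<'EOF'
Port 22
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
EOF
}

# Constructed excerpt of 'ssh -v doug@server' from an OpenSSH 5.3 client
# talking to an OpenSSH 4.3 server (account name and key path are assumed).
sample_ssh_debug() {
    cat <<'EOF'
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/doug/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
EOF
}

case "${1:-demo}" in
    demo)
        echo "-- weak config --";     weak_sshd_config | audit_sshd_config
        echo "-- hardened config --"; hardened_sshd_config | audit_sshd_config
        echo "-- client view --";     sample_ssh_debug | summarize_ssh_debug ;;
    audit)  audit_sshd_config < "${2:-/etc/ssh/sshd_config}" ;;   # run on the server
    client) ssh -v "$2" true 2>&1 | summarize_ssh_debug ;;        # run on the laptop
esac
```

Run it with no arguments to see the three constructed cases; `sshcheck.sh audit` on the server and `sshcheck.sh client doug@server` on the laptop run the same two functions on real input. The client line answers dgermann's question directly: "protocol=2.0" means protocol 2 was used, and "offered=publickey,password" means the server is still willing to take a password, which is exactly what `PasswordAuthentication no` removes. A passphrase-protected key is made with `ssh-keygen` and loaded once per session with `ssh-add`; on Ubuntu's GNOME desktop the running agent caches the passphrase after the first use.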

unixfool 08-24-2011 10:43 PM

Yeah, OP means original poster. AP is 'access point'.

dgermann 08-25-2011 09:11 AM


Many thanks!
