Knowledgebase

Portal Home > Knowledgebase > Articles Database > SSH Tunnel - Totally Secure?


SSH Tunnel - Totally Secure?




Posted by p8xc8gji, 05-14-2010, 02:01 PM
I always use SSH Tunnels while logging into personal accounts from wireless access points. But I'm just curious, is that totally secure? For example, if you login your Google account over a SSH Tunnel, and someone tries to sniff the packets transferred through the network you're using, is it possible to know your destination site (Google) or only the IP of that SSH Tunnel? Would using SSL over SSH Tunnel add another layer of security? PS. I'm referring to these kind of SSH Tunnels : http://oldsite.precedence.co.uk/nc/putty.html
Posted by jaseeey, 05-14-2010, 10:20 PM
Hi, Generally packets sent over SSH are encrypted with a key setup between the host and the client. If the packets were to be captured without the key, the body of the packet would be encrypted, where only the packet destination and port could be seen (along with any other frames in the header). If a third-party was to get hold of that key from the server and capture your packets, then they would be able to see exactly what is held in those packets. But, I'll put forward that this would definitely not be easy unless an attacker was to target you specifically and also break through the server security. I haven't personally heard of using SSL over SSH as it's generally designed for a web/mail/ftp server environment. Regards,
Posted by aeris, 05-15-2010, 04:10 AM
As far as current publicly available cryptographic intel can tell, SSH tunnels are secure as long as you have the remote host key cached. If you don't, they are vulnerable to MITM attacks. Any eavesdroppers wouldn't be able to tell your destination site, only the IP:port of the tunnel's endpoint.
Posted by madaboutlinux, 05-15-2010, 05:07 AM
SSH tunnel itself is secure so it is almost impossible to sniff packets and hence SSL is not required. BTW, only the IP of the SSH Tunnel is known and not the destination site unless the packets are sniffed and decrypted but as said earlier, it is almost impossible.


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Thousands of Emails (Views: 589)
New to the reseller world. (Views: 741)
Question about Expires headers filename vs CGI params. (Views: 681)
Weekly backup from a Server to another. How? (Views: 692)
Find and Replace in MySQl database with PHPMyAdmin? (Views: 683)

Language: