Some questions about ssh tunnelling and security

bishmer at sekaran.net
Wed May 20 13:55:17 MST 2009


I'm looking for some answers to my questions from more paranoid
security-minded people (hi Lisa!). Networking isn't really something I'm
particularly good at, and I'm always looking to learn more about it.

Assume a host somewhere on the internet with sshd running ("Egress").
Let's say someone else, from a different geographical location, then
creates an ssh tunnel to Egress and sets up a SOCKS proxy.
Our user then uses his SOCKS proxy to send and receive various sorts of
TCP traffic (let's say SMTP, IMAP, telnet and HTTP).

Questions:
1) Of the various points for attacks on the traffic, are Egress' local
network and the client's local network particularly risky, less risky, or
safe compared to the bounces along the backbone?

2) In securing the ssh tunnel itself, what is a reasonable amount of
paranoia to result in reasonable security? Port number changing? Port
knocking? Can you layer more encryption on top of ssh?

3) What sort of sensitive information should never be sent through this
tunnel due to inherent risk, no matter how much effort has gone into
securing the connection?

Thanks in advance for answers!
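Added example, not part of the original post or the list's replies: a POSIX sh script that audits an sshd_config for the settings that decide who can log into the "Egress" host and open tunnels (key-only authentication, no root login, an explicit allow-list, and TCP forwarding left on so that ssh -D works at all), plus the client-side command for the SOCKS proxy the post describes. The two config fragments are constructed for the example, the account name `tunnel` and the host argument are placeholders, and the defaults assumed for unset directives are marked in the comments.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for the
# settings that matter on an internet-facing host whose only job is to
# terminate "ssh -D" SOCKS tunnels, and show the client side of that tunnel.

# Two sshd_config fragments, constructed here for the example.
LAX_SSHD_CONFIG='Port 22
PasswordAuthentication yes
PermitRootLogin yes
AllowTcpForwarding yes
X11Forwarding yes'

HARDENED_SSHD_CONFIG='# Egress: key-only, one tunnel account, forwarding kept on for -D
Port 22
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
AllowUsers tunnel
AllowTcpForwarding yes
X11Forwarding no'

# sshd_setting CONFIG KEY DEFAULT
# Print the effective value of KEY, lower-cased: sshd takes the first
# occurrence of a directive, keywords are case-insensitive, and both
# "Key value" and "Key=value" are accepted.  DEFAULT is printed when the
# directive is absent.
sshd_setting() {
    printf '%s\n' "$1" | awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                 # comment line
        { gsub(/=/, " ") }                  # Key=value -> Key value (re-splits fields)
        NF < 2 { next }                     # blank or malformed line
        tolower($1) == tolower(key) && !done { print tolower($2); done = 1 }
        END { if (!done) print def }'
}

# sshd_audit CONFIG
# One finding per line on stdout; the return status is the number of findings.
# The defaults passed below are what OpenSSH uses when a directive is unset
# (an assumption of this example; confirm against sshd_config(5) for your version).
sshd_audit() {
    cfg=$1
    n=0
    if [ "$(sshd_setting "$cfg" PasswordAuthentication yes)" != no ]; then
        echo "PasswordAuthentication is not 'no': the tunnel account can be brute-forced"
        n=$((n + 1))
    fi
    if [ "$(sshd_setting "$cfg" PermitRootLogin prohibit-password)" != no ]; then
        echo "PermitRootLogin is not 'no': use an unprivileged tunnel account"
        n=$((n + 1))
    fi
    if [ "$(sshd_setting "$cfg" AllowUsers '')" = '' ]; then
        echo "AllowUsers is unset: every local account can log in and open tunnels"
        n=$((n + 1))
    fi
    if [ "$(sshd_setting "$cfg" AllowTcpForwarding yes)" = no ]; then
        echo "AllowTcpForwarding is 'no': ssh -D connects but the SOCKS proxy forwards nothing"
        n=$((n + 1))
    fi
    return $n
}

# socks_tunnel USER@EGRESS [LOCAL_PORT]
# Client side of the setup in the post.  Not invoked below because it needs a
# live host.  Binding to 127.0.0.1 keeps the proxy off the client's own LAN;
# ExitOnForwardFailure makes a refused -D visible instead of leaving local
# programs talking to a port that forwards nothing.
socks_tunnel() {
    ssh -N -D "127.0.0.1:${2:-1080}" \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o StrictHostKeyChecking=yes \
        "$1"
}

# Run the audit on both fragments when the script is executed directly.
echo "== lax config"
sshd_audit "$LAX_SSHD_CONFIG" || echo "-> $? finding(s)"
echo "== hardened config"
sshd_audit "$HARDENED_SSHD_CONFIG" && echo "-> clean"
```

Two things the script cannot check for you: `ssh -D` only carries what the SOCKS client hands it, so programs must pass hostnames to the proxy (curl's `--socks5-hostname`, the "remote DNS" setting in browsers) or name lookups still leave the client's own network unencrypted; and the tunnel ends at Egress, so whatever leaves Egress in the clear (telnet, SMTP or IMAP without TLS) is as exposed on the far side as it would have been without the tunnel.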



More information about the PLUG-discuss mailing list