OT: General SSH Tunneling questions

Discussion in 'Tomato Firmware' started by Devileyezz, Feb 2, 2009.

  1. Devileyezz

    Devileyezz LI Guru Member

    I had a CentOS box at a company datacentre that I had an account on. I have a laptop at home running Vista and is on my home WiFi network. So, for secure browsing, I setup an SSH tunnel by basically opening a putty session binded to a local port and then set firefox to use localhost at 1080 and everything was fine. My WiFi network has WPA-PSK security (Thanks to Tomato). But I still wanted to setup the SSH tunnel for added security. Used a batch script that ran at boot to exec "putty -D 1080 -P 22 -ssh devilish@companybox.com", and then when putty opened and asked for the password for user 'devilish', I entered password before firing up

    Few questions:
    1) With the above mentioned method, I basically had myself two layers of security for all browser related surfing. Right? And was it any better?
    2) My city offers an open WiFi hotspot (no wep, nothing) where anyone can logon. Using the SSH tunnel mentioned above, I could secure my browsing to a point. Correct?
    3) Using the same localhost port, I can direct various programs that require the Internet to use the localhost 1080 port thereby routing all traffic through SSH?
    4) Do all activities get recorded on the CentOS box on what traffic went through the account via the tunnel, etc?

    For example, I'm now no longer with the company, so I obviously deleted my access. Now, I'm planning to get a cheap $5p/m VPS (suggestions welcome btw) just for the SSH to be back on my secure Internet. But I was scared and wondering about what if the VPN server gets compromised... would it show all the passwords/URLs that passed by it?


    Till I get the VPS, I could do it all using the Tomato SSH as well and nothing would change compared to doing it from a real VPS either, right?

    Thanks a lot for reading!
  2. Devileyezz

    Devileyezz LI Guru Member

    No one knows anything about SSH tunneling?
  3. Devileyezz

    Devileyezz LI Guru Member

    Oh come on guys!
  4. ifican

    ifican Network Guru Member

    You are no more safe tunneling ssh to the web then you are just sitting on an open wireless network. Yes the actual connection is in good shape, but the web is still the web and the open wireless network leaves your machine open to attack. There really is a misunderstanding that if you are on an open wireless connection and you ssh or vpn to somewhere else and web surf you are good to go with bank and such, that is just not the case and a no no. Are you safer than some one that is not doing that? In reality no, you are only as safe as the updates on your machine and the ability of your personal security measures to keep someone out.
  5. Devileyezz

    Devileyezz LI Guru Member

    Mind explaining why it isn't safer?
    I always thought since an established SSH connection is a secure connection that anything that is passed through it is secure as well.
  6. RonWessels

    RonWessels Network Guru Member

    Re-read ifican's response.

    Your SSH connection is, indeed, secure and "impossible" to eavesdrop on. However, being connected to an open wireless network means that every hacker within wireless range can freely attack your machine. If there are un-patched exploits available on your machine (of course there are no bugs in Microsoft software!), all a hacker needs to do is break in and install a key-logger on your machine and your banking information is compromised, even though your network connection to your bank was secure.
  7. Devileyezz

    Devileyezz LI Guru Member

    Ah, I see now. You guys are mentioned system security. If someone asks a question "My XP box keeps crashing for some reason", you'd probably answer "Switch to Linux". You've done the same to my question... not provided the real answer I'm looking for.

    Yes, I understand system security is crucial. But what about my real SSH questions at hand?
  8. bripab007

    bripab007 Network Guru Member

    I think in your proposed scenario that the DNS lookups performed during your secure SSH browsing would still be performed/cached on the city's unsecure hotspot ISP/domain name server lookups.
  9. Devileyezz

    Devileyezz LI Guru Member

    Hmm, even though all the traffic that starts in the browser goes right through the SSH server? But would that really be bad since I'm not passing any passwords in there?
  10. bripab007

    bripab007 Network Guru Member

    Well, I suppose not really bad, per se, you'd just be leaving trackable browsing history in the ISP's hands.
  11. Devileyezz

    Devileyezz LI Guru Member

    Makes sense.
    So the VPS idea would work well?
  12. greatscott

    greatscott Addicted to LI Member


    Test this out.
  13. Devileyezz

    Devileyezz LI Guru Member

    This is what I've been doing, minus the removal of history caching as it didn't concern me as much.

    So this basically means I can get a VPS and use the SSH login info for all my tunneling needs.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice