Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Things you learn about SSH

I’m sure those reading my blog for personal reasons (i.e. Family members – Hi mum) really don’t care about this post. Personally a few years ago (or maybe even months) I might not have either.

Anyway I’ve been using the great little program called synergy for a while now. As I’m running a lot of systems here (a pc, a few laptops, and a Mac G4) I was running out of desk space. Well anyway, synergy lets you control multiple systems from 1 keyboard and mouse (you need to use seperate monitors though incase you wanted to know) using signals sent between the machines over the LAN. Anyway lots of people have blogged on the use of this, so lets move on. The thing that made me scared was that all traffic that went over the LAN was totally clear text.

I did a capture using wireshark and you could see everytime I pressed a key that a “keypress event” was sent in packet form between machines. I could string together my packets in wireshark and read my passwords and notes. Very secure…

Still this leads me to the fun part (depending on your like or dislike of technology) SSH. Those people who run *nix will know what this is already. For those windows users amongst us, this is a secure tunnel between machines. Using SSH on both machines (openSSH can run under Windows using the Cygwin project) you can create a fully secure tunnel between machines using the following command.

ssh -f -N -L port:serveraddress:port serveraddress

As example my command run from the synergy client machine is.

ssh -f -N -L 28400:192.168.0.31:28400 192.168.0.31

This tells SSH to tunnel any traffic looking to use port 28400 to the address and port you specify (i.e. tunnel within a secure wrapper to my synergy server).

It works like a charm (although it was hell to get automated on the Mac system)… more about that if you want to mail me. Still think of the possibilities for SSH tunneling. I’ve got a tunnel now that will take all my internet traffic from my laptop (on any commection worldwide) to my machine hosted on the internet, and then routed out again. No more worries of those nasty black hat hackers scanning your unencrypted wireless traffic at a local coffee shop 😉

Well that’s your tech for today……

Advertisements

Comments are closed.