advertisement

Article:
  Inside SSH, Part 1
Subject:   ssh secure AFP connection with OSX 10.3.4 (not server version) How To
Date:   2006-01-24 17:34:54
From:   wfaulk
Response to: ssh secure AFP connection with OSX 10.3.4 (not server version) How To

This code is 100% insecure.


All it does is make a secure connection to the computer you're currently logged into (which is fairly pointless) and then opens an unencrypted tunnel to the remote host. The reason you can specify a host in the -L option is so that you can have an encrypted tunnel through an insecure network to one that is secure, but you can't open an SSH connection to the host you need to tunnel to, so you connect to another host on the remote secure network and it then passes the decrypted data to the other host. What you're doing here is encrypting the data between the localhost and itself, then passing unencrypted data to the remote host as if you'd never used SSH at all. All you're doing is wasting CPU cycles.


What you want to do is


ssh -L${LOCAL_PORT}:${TARGET_HOST}:${TARGET_PORT} ${TARGET_HOST}


This will open an encrypted channel to the remote host, where the data will be unencrypted and sent along to the host and port specified, which, in this case, is the same host doing the decrypting.


1 to 1 of 1
  1. NO, This code is *NOT* 100% insecure.
    2006-01-25 23:24:58  GNULinux4me [View]

    • YES, This code is 100% insecure.
      2007-08-21 01:15:27  macGenius [View]

      • YES, This code is 100% insecure.
        2008-08-30 00:06:55  bill penn [View]

1 to 1 of 1