> The idea of having a ssh daemon running on windows with a tunnel into a linux
> box gives me the creeps. All that basic security on linux lost, because
> someone got in through windows. All you need to do is to visit the wrong web
> page and somebody owns the windows machine. Won't take long then to discover
> that external linux connection...
>
> I have a few low profile boxes that gets at least one ssh hack attack every
> 2nd day or so. Just script kiddies, but attempts just the same.
That "external linux connection" is not the evil you are making it out
to be. Typically ssh tunnels are used to encrypt network traffic of
unencrypted protocols. A program can put its stuff into the local
end, the tunnel encrypts that traffic before anything is sent over the
network, then when the data reaches the other side and is off the
network it is unencrypted so the recipient program can do something
with it (or refuse to... whatever login/authentication mechanism the
program uses is not bypassed). Neither program has to know anything
about how the data is encrypted. ssh is just the data transport here,
it doesn't mean having an open door to run any command a shell will
allow. All you are doing is adding a layer of protection against
prying eyes on the network.
~ Daniel
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:12:38 EDT