SSH tunnel through Anonymous VPN?

Discussion in 'privacy general' started by Keller, May 25, 2008.

Thread Status:
Not open for further replies.
  1. Keller

    Keller Registered Member

    Joined:
    May 25, 2008
    Posts:
    10
    Is there any technical issue with using an SSH tunnel via a commercial anonymous VPN?

    i.e. does the SSH encryption operate at a higher level in the TCP/IP stack, so that outgoing packets would:

    1) first be encrypted by the SSH connection
    2) then wrapped in an encrypted packet by the commercial VPN (e.g. Xerobank, SwissVPN)
    3) forwarded to the VPN's server, unwrapped, then
    4) the SSH encrypted packet is forwarded to its destination

    The point is whether the SSH encrypted packet would be readable by the commercial VPN, or whether it would remain encrypted all the way to its ultimate destination (and vice versa on the return route)? I assume that whether this is the case depends on whether SSH encryption takes place prior to the SSL VPN encryption/wrapping?

    Thanks for any input.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    SSH works like this:

    - Client contacts the server and downloads the public key.
    - Client decides to accept the key; if not, the connection is terminated.
    - Encryption is established between server and client. The strength of this encryption depends on the length of the key and the encryption algorithm.
    - Client must authenticate against the server using a passphrase. The communication is secure. If the client authenticates correctly, the session begins and data transfer can be established.

    Additional programs can be run on top of SSH, for example, using stunnel. Other applications incorporate some sort of encryption by using the OpenSSL libraries.

    This is the most basic explanation. I can go into super details, the question is, do you need it?

    Now, if you type "how ssh works" in Google, you'll get plenty of answers.

    Another thing you might want to look at is OpenVPN, maybe IPsec.

    Mrk
     
  3. Fontaine

    Fontaine Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    245
    Re: SSH, I use Remote Desktop to connect from work PC (XP) to home PC (Vista Home Premium). Since Vista Home Premium does not have the capability to receive remote logins, I had to make some tweaks.
    Would it be better to create a tunnel using a program like PuTTY and connecting to Remote Desktop that way, or is that not necessary? I guess it comes down to how secure Remote Desktop is, which I don't know. I've considered using PuTTY to connect to an SSH server (as explained above). Suggestions?
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Fontaine,

    SSH inside VPN is fine. You won't be exposing anything you weren't exposing before to an ISP. As long as the authentication method is secure, no problem.

    Think of it like a 10" straw inside a 6" pipe.
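
Added example (not part of the thread and not any poster's code): the four steps from the opening question, modelled in Python. A toy HMAC-SHA256 encrypt-then-MAC construction stands in for the real SSH and VPN ciphers; the keys, function names and sample message are constructed for illustration. It shows that the VPN server, after removing its own layer, holds only SSH ciphertext.

```python
import hashlib
import hmac
import os

def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and authentication keys from one secret.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC (assumption, not a real SSH/VPN cipher): nonce || ct || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; raises ValueError when the key is wrong."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def ssh_over_vpn(message: bytes, ssh_key: bytes, vpn_key: bytes) -> dict:
    inner = seal(ssh_key, message)       # 1) SSH layer: key held by client and destination
    outer = seal(vpn_key, inner)         # 2) VPN layer: key held by client and VPN server
    at_vpn = unseal(vpn_key, outer)      # 3) VPN server strips only its own layer
    try:
        unseal(vpn_key, at_vpn)          # the VPN server has no SSH session key
        vpn_can_read = True
    except ValueError:
        vpn_can_read = False
    delivered = unseal(ssh_key, at_vpn)  # 4) destination removes the SSH layer
    return {"on_wire": outer, "at_vpn": at_vpn,
            "vpn_can_read": vpn_can_read, "delivered": delivered}

if __name__ == "__main__":
    msg = b"constructed sample: cat /etc/hostname"
    r = ssh_over_vpn(msg, os.urandom(32), os.urandom(32))
    print(r["vpn_can_read"], msg in r["at_vpn"], r["delivered"] == msg)
```

The VPN server still sees the destination address and port of the SSH connection, along with the timing and size of the traffic; only the contents stay opaque to it.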
     
  5. Keller

    Keller Registered Member

    Joined:
    May 25, 2008
    Posts:
    10
    I appreciate the reply, Mrk. I'm kind of a newbie at this, so I should probably go and read up more on the technical distinction between SSH and SSL. Kind of difficult to get your head round :)
    Thanks.
     
  6. Fontaine

    Fontaine Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    245
    Thanks for the reply. I've been toying with SSL-explorer.
     