From: unruh on 28 May 2010 02:38

On 2010-05-27, Tim Frink <plfriko(a)yahoo.de> wrote:
> Hi,
>
> I have to use an unprotected wireless network (it's not
> administrated by me). When I understand it correctly, using
> this WiFi is not safe since all data (such as passwords that
> I type on my console when I use ssh ...) is transferred unencrypted,
> i.e., it can be basically read by anyone.

The unencrypted link means that any unencrypted data sent over the link is readable from outside (web pages, etc.). However, ssh traffic IS encrypted and furthermore the password exchange is encrypted. Thus if you use ssh over an unencrypted link the data cannot be read.

>
> Is there a way to use an unprotected WiFi in a safe way by transmitting

Yes. Use ssh or use a vpn.

> all data in an encrypted way such that it can't be snooped?
>
> Best,
> Tim
From: unruh on 28 May 2010 02:43

On 2010-05-28, David Schwartz <davids(a)webmaster.com> wrote:
> On May 27, 6:09 pm, thunder <thunderTAKE...(a)gti.net> wrote:
>
>> I'm a little confused. I can understand your concern about "all data",
>> but not ssh. ssh is a "Secure Shell", and data *is* encrypted.
>
> He's concerned about his password. If a MITM hijacks his SSH

Unencrypted and MITM are almost orthogonal concepts. You can have MITM with an encrypted connection, and have unencrypted connections which are resistant to MITM. SSH encrypts all information going over the link. IF you use it properly it is also resistant to MITM (although it is almost never used properly -- people say to connect even if the system tells them that the key has changed, because it changes too often due to innocent changes, e.g. reinstallation).

> connection, unless he verifies the SSH key, the MITM could get his
> password and then SSH in as him. Unfortunately, in my experience, SSH
> keys change so often due to upgrades and incompetence that nobody ever
> checks them.
>
> DS
From: unruh on 28 May 2010 02:46

On 2010-05-28, Joe Pfeiffer <pfeiffer(a)cs.nmsu.edu> wrote:
> thunder <thunderTAKEOUT(a)gti.net> writes:
>
>> On Thu, 27 May 2010 22:25:00 +0000, Tim Frink wrote:
>>
>>> Hi,
>>>
>>> I have to use an unprotected wireless network (it's not administrated by
>>> me). When I understand it correctly, using this WiFi is not safe since
>>> all data (such as passwords that I type on my console when I use ssh
>>> ...) is transferred unencrypted, i.e., it can be basically read by
>>> anyone.
>>>
>>> Is there a way to use an unprotected WiFi in a safe way by transmitting
>>> all data in an encrypted way such that it can't be snooped?
>>>
>>> Best,
>>> Tim
>>
>> I'm a little confused. I can understand your concern about "all data",
>> but not ssh. ssh is a "Secure Shell", and data *is* encrypted.
>
> There's no encryption between his machine and the access point. If he
> does his own encryption (even ROT13 -- deliberately chosen as "little
> sister" security), it doesn't magically get unencrypted before going out
> the antenna.

ssh IS "his own encryption". An ssh session is encrypted from end to end including between his machine and the access point.

>
> Several examples of doing his own encryption have been presented so far
> (the ones I've seen have been a VPN, SSL, and SSH) and are just as
> secure over the air as over a wire.
>
> The mistake in regarding wifi as insecure is in thinking anything else
> you do once you're off your own machine (or trusted infrastructure) is
> any better.
From: David W. Hodgins on 28 May 2010 03:28

On Fri, 28 May 2010 02:46:12 -0400, unruh <unruh(a)wormhole.physics.ubc.ca> wrote:

> ssh IS "his own encryption". An ssh session is encrypted from end to end
> including between his machine and the access point.

The ssh connection will only be encrypted after the session has been established. If he's using a passphrase, instead of public/private key encryption, then he is susceptible to passphrase sniffing.

Use public/private key encryption.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for use in usenet. Feel free to use it yourself.)
From: unruh on 28 May 2010 05:51

On 2010-05-28, David W. Hodgins <dwhodgins(a)nomail.afraid.org> wrote:
> On Fri, 28 May 2010 02:46:12 -0400, unruh <unruh(a)wormhole.physics.ubc.ca> wrote:
>
>> ssh IS "his own encryption". An ssh session is encrypted from end to end
>> including between his machine and the access point.
>
> The ssh connection will only be encrypted after the session has been
> established.

False. The establishment of the key is also protected. A approaches B and, assuming that the two have shared a public key beforehand, can verify that B is actually the intended recipient. Then the two exchange a key in a protected manner.

>
> If he's using a passphrase, instead of public/private key encryption,
> then he is susceptible to passphrase sniffing.

No he is not.

>
> Use public/private key encryption.

ssh always does use it to establish the session key. The user public/private or passphrase key are not to establish encryption but to verify that the user on B is the user allowed to log onto A. But by that time encryption is established.

>
> Regards, Dave Hodgins
>
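Added example, not part of the original thread: the host-key check the posters say is usually skipped, written as a comparison of an offered key's SHA256 fingerprint (the `SHA256:` plus unpadded base64 form current OpenSSH prints) against a fingerprint obtained out of band. The host names, the sample keys and the `PINNED` table are constructed for illustration, and the line format assumed is the unhashed `host keytype base64` style of `known_hosts`.

```python
import base64
import hashlib
import hmac
import struct

def make_ed25519_blob(raw32: bytes) -> bytes:
    """Build an SSH wire-format ssh-ed25519 public key blob (sample data only)."""
    name = b"ssh-ed25519"
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32

def parse_host_key_line(line: str):
    """Parse 'host keytype base64blob [comment]' (unhashed known_hosts style)."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed algorithm name; it must agree
    # with the key type declared in the text line.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("declared key type does not match key blob")
    return host, key_type, blob

def fingerprint(blob: bytes) -> str:
    """'SHA256:' plus unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def check_host_key(line: str, pinned: dict) -> str:
    """Classify an offered host key as 'ok', 'unknown-host' or 'MISMATCH'."""
    host, _, blob = parse_host_key_line(line)
    expected = pinned.get(host)
    if expected is None:
        return "unknown-host"   # nothing to compare against: verify out of band
    same = hmac.compare_digest(expected, fingerprint(blob))
    return "ok" if same else "MISMATCH"   # changed key: do not type a password

def line_for(host: str, blob: bytes) -> str:
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode('ascii')}"

# Constructed sample keys (not real host keys) and a constructed pin list.
GOOD = make_ed25519_blob(bytes(range(32)))
OTHER = make_ed25519_blob(bytes(range(1, 33)))
PINNED = {"server.example": fingerprint(GOOD)}

if __name__ == "__main__":
    for host, blob in [("server.example", GOOD), ("server.example", OTHER),
                       ("new.example", GOOD)]:
        print(host, fingerprint(blob), check_host_key(line_for(host, blob), PINNED))
```

A `MISMATCH` result corresponds to the "key has changed" warning discussed in the thread; the fingerprint in `PINNED` has to come from a channel other than the network being checked.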