• Secure tunnel?
How secure is using PuTTY as a tunnel? Does it send traffic unencrypted? If it does, is there another program for secure tunneling?
PuTTY does more than one thing, you know. I'd recommend using SSH with it if you can set up an SSH server somewhere.
PuTTY has multiple protocols it supports, such as SSH, Telnet and serial. I assume you're using PuTTY to create a tunnel to the server with SSH. It's encrypted (I don't think you can even disable encryption in SSH, someone correct me on this); it's very safe. People can sniff out traffic, but it'll be encrypted gibberish, so it's useless to them.
[QUOTE=nikomo;26428019]I don't think you can even disable encryption in SSH, someone correct me on this[/QUOTE] SSH = secure shell. I think that bit of information should be answer enough. You're just using telnet if you get rid of the secured connection.
[QUOTE=nikomo;26428019]I don't think you can even disable encryption in SSH, someone correct me on this[/QUOTE] In principle you can, though implementations might not support it. SSH's crypto support is extensible: a connection begins with the client and server exchanging their lists of supported ciphers so that they can agree on one to use for the connection. [url=http://tools.ietf.org/html/rfc4253]RFC 4253[/url] defines (in section 6.3) a list of standard cipher names, such as "aes128-cbc" and "arcfour", but implementors can provide support for additional ones beyond those. It's designed this way to allow it to evolve as new ciphers are developed and old ones are broken. One of the standard ciphers defined in the RFC is "none", which (as you might guess) does no encryption. It's marked as optional, so SSH implementations aren't required to support it. (I don't think OpenSSH supports it, for example.) [QUOTE=ButtsexV3;2643420]you're just using telnet if you get rid of the secured connection[/QUOTE] Not quite: even without encryption, SSH can still do message authentication (to prevent tampering), and the protocol still has features that telnet doesn't, such as tunneling.
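The cipher negotiation described in the post above, as an added example that is not part of the original thread: it parses the name-lists of an SSH_MSG_KEXINIT payload and applies the RFC 4253 rule that the first cipher on the client's list that the server also offers is the one used, so "none" is only chosen when both sides list it. The function names and the sample offers are constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-list fields of SSH_MSG_KEXINIT, in wire order (RFC 4253 section 7.1).
FIELDS = ["kex_algorithms", "server_host_key_algorithms"] + [
    f"{kind}_algorithms_{d}" for kind in ("encryption", "mac", "compression")
    for d in ("client_to_server", "server_to_client")
] + ["languages_client_to_server", "languages_server_to_client"]

def build_kexinit(lists):
    """Encode a KEXINIT payload from {field: [names]} (used to make sample data)."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)        # message type + 16-byte cookie
    for f in FIELDS:
        body = ",".join(lists.get(f, [])).encode("ascii")
        out += struct.pack(">I", len(body)) + body    # name-list: uint32 length + CSV
    return out + b"\x00" + struct.pack(">I", 0)       # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Decode the ten name-lists; raise ValueError on a wrong or truncated message."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, result = 17, {}
    for f in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        if pos + 4 + n > len(payload):
            raise ValueError("truncated name-list body")
        raw = payload[pos + 4:pos + 4 + n].decode("ascii")
        result[f] = raw.split(",") if raw else []
        pos += 4 + n
    return result

def negotiate(client_names, server_names):
    """First name on the client's list that the server also lists, else None."""
    return next((n for n in client_names if n in server_names), None)

def chosen_cipher(client_payload, server_payload):
    """Cipher for the client-to-server direction; None means both sides disconnect."""
    key = "encryption_algorithms_client_to_server"
    return negotiate(parse_kexinit(client_payload)[key], parse_kexinit(server_payload)[key])

# Constructed sample offers (not captured traffic).
CLIENT = build_kexinit({"encryption_algorithms_client_to_server": ["aes128-cbc", "none"]})
STRICT = build_kexinit({"encryption_algorithms_client_to_server": ["aes128-cbc", "arcfour"]})
NULL_ONLY = build_kexinit({"encryption_algorithms_client_to_server": ["none"]})

if __name__ == "__main__":
    print(chosen_cipher(CLIENT, STRICT), chosen_cipher(CLIENT, NULL_ONLY))
```

Dropping "none" from either side's list is enough to rule out an unencrypted session, which is why a client or server that never offers it cannot be talked into one.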
[QUOTE=Wyzard;26436567]Not quite: even without encryption, SSH can still do message authentication (to prevent tampering), and the protocol still has features that telnet doesn't, such as tunneling.[/QUOTE] I'm just talking basic use; your average Linux newbie who wants to access their computer on the go isn't going to need tunneling.
Sure, but it's the thread topic so it's relevant here. SSH's X11 tunneling can be pretty useful, btw. I use it when I'm away from home (with my laptop) and want to use things like GnuCash whose data files stay on my desktop computer.
Is it possible to create a key set that the server/client use beforehand?
If you're asking whether you can use public keys for SSH authentication, then yes. With OpenSSH you use the ssh-keygen program to generate a keypair, then use ssh-copy-id to upload the public key into your ~/.ssh/authorized_keys file on the remote machine. Normally the private key is encrypted so you still have to type a passphrase when you connect, but if you're doing this programmatically and you need it to work without human intervention, you can remove the passphrase from the private key. Be extra careful to safeguard the private key file, of course. (You can also leave it encrypted and store the passphrase in another file, but then you have to safeguard [i]that[/i] file so you don't really gain anything.) [editline]1st December 2010[/editline] BTW, on the topic of secure tunneling, you might want to take a look at [url=http://openvpn.net/]OpenVPN[/url]. It's a bit more complex to set up, but also more powerful: it gives you a whole network interface with its own IP address (and MAC address if used in tap mode), rather than just tunneling individual TCP ports like SSH does. I run an OpenVPN server on my router (a Linux PC) and use it to connect my laptop remotely to my home network when I'm away from home.
Depends. MD5 or 128 is not suitable anymore; MD6 or 256/448/512/768 encryption is better. CHAP v2 or EAP is better, along with changing passwords every 7 days, with +16 character passkeys, is pretty secure, well, at least for WAN connections.
MD5 and MD6 are hash functions, not encryption algorithms. CHAPv2 and EAP are authentication mechanisms; they don't provide a secure tunnel by themselves. They're used as part of something like [url=http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol]PPTP[/url] to create a tunnel. (CHAP has known security flaws, btw.)