5

Suppose there are three computers: (1) my laptop, (2) a server that has a public static IP address, and (3) a Raspberry Pi behind a NAT. I connect from (1) to (3) via (2) as explained below.

On the server (2), I add GatewayPorts yes to /etc/ssh/sshd_config, and restart the SSH daemon: sudo systemctl reload sshd.service.

On the Raspberry Pi, I create a reverse SSH tunnel to the server:

rpi$ ssh -R 2222:localhost:22 username-on-server@server-ip-address

On my laptop, I am now able to connect to the Raspberry Pi using:

laptop$ ssh -p 2222 username-on-pi@server-ip-address

The question is: is the server able to see the data sent between my laptop and the Raspberry Pi? Can the server eavesdrop on the SSH session between my laptop and the Raspberry Pi?

Flux

1 Answer

9

Assuming that there is no active MITM attack going on (which can be detected by properly checking the host keys when connecting to rpi), the server sees only the SSH traffic between laptop and rpi.

Since the payload is encrypted in SSH the server can only do some broad traffic analysis (i.e. source, destination, timing, size of data, ...) but not see or even modify the actual payload. Note though that in some cases such traffic analysis might already be valuable, see for example Timing Analysis of Keystrokes and Timing Attacks on SSH.

Steffen Ullrich
  • What's funny about this is I had requested a feature to turn off the payload encryption on nested SSH a decade ago; lol I should have installed rsh. – Joshua Apr 03 '21 at 18:34
  • @Joshua Does SSH really not support that? Wow. – DaveTheMinion Apr 04 '21 at 00:52
  • @DaveTheMinion SSH used to support setting the encryption algorithm to `none` (I used to use it when `scp`ing files around to/from machines on my local network with weak CPUs) but modern versions have removed the option in the interest of security. – hobbs Apr 04 '21 at 03:17
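The "properly checking the host keys" caveat in the answer has a concrete shape in this setup: the laptop connects to server-ip-address on port 2222, so OpenSSH records the host key it sees under the name [server-ip-address]:2222 in ~/.ssh/known_hosts, and the key stored there must be the Pi's own key (its fingerprint can be read on the Pi with ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub), not the server's. The script below is an added example, not code from the question or the answer: it parses a constructed known_hosts file (plain and HashKnownHosts-style hashed entries), computes SHA256 fingerprints the way ssh-keygen -l prints them, and checks that the key pinned for the tunnel endpoint matches the fingerprint obtained out-of-band. The address 203.0.113.10, the key material and the salt are all constructed placeholders.

```python
import base64
import hashlib
import hmac
import struct


def ed25519_blob(seed: bytes) -> str:
    """Build a base64 ssh-ed25519 public-key blob in OpenSSH wire format.

    The 32 key bytes are derived from the seed so the example runs offline;
    this is a constructed stand-in, not a real key pair."""
    pub = hashlib.sha256(seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + pub
    return base64.b64encode(blob).decode()


def ssh_fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint as ssh-keygen -l prints it (base64, no '=' padding)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_host(host: str, salt: bytes) -> str:
    """Host field as written with HashKnownHosts: |1|base64(salt)|base64(HMAC-SHA1)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def host_matches(field: str, host: str) -> bool:
    """Does one known_hosts host field (plain, comma-separated, or hashed) name host?"""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")


def pinned_keys(known_hosts: str, host: str) -> list:
    """(keytype, fingerprint) for every known_hosts entry that applies to host."""
    found = []
    for line in known_hosts.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):      # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            continue
        hosts, keytype, key_b64 = fields[:3]
        if host_matches(hosts, host):
            found.append((keytype, ssh_fingerprint(key_b64)))
    return found


def tunnel_key_is_pi_key(known_hosts: str, endpoint: str, pi_fingerprint: str) -> bool:
    """True iff the key pinned for the tunnel endpoint is the Pi's own host key,
    whose fingerprint was read out-of-band (ssh-keygen -lf on the Pi itself)."""
    return any(fp == pi_fingerprint for _, fp in pinned_keys(known_hosts, endpoint))


# Constructed data: placeholder server address 203.0.113.10, tunnel port 2222.
SERVER_KEY = ed25519_blob(b"constructed server host key")
PI_KEY = ed25519_blob(b"constructed raspberry pi host key")
KNOWN_HOSTS = "\n".join([
    "# constructed laptop known_hosts",
    # the server itself on port 22, stored hashed as HashKnownHosts would write it
    hashed_host("203.0.113.10", b"constructed-20B-salt") + " ssh-ed25519 " + SERVER_KEY,
    # the tunnel endpoint: same address, port 2222, but the key belongs to the Pi
    "[203.0.113.10]:2222 ssh-ed25519 " + PI_KEY,
])

if __name__ == "__main__":
    pi_fp = ssh_fingerprint(PI_KEY)
    print("tunnel endpoint pinned to the Pi key:",
          tunnel_key_is_pi_key(KNOWN_HOSTS, "[203.0.113.10]:2222", pi_fp))
```

Because the entry is named after the server's address and the forwarded port, it is easy to confuse with the server's own entry; passing -o HostKeyAlias=rpi on the laptop makes OpenSSH store and check the Pi's key under the name rpi instead, which keeps the pinned key tied to the machine it actually belongs to.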