0

If I connect to a server via SSH, what network traffic is viewable to someone monitoring the network? For example, if I'm at work and connect to a server via SSH, what can the network admins see? Do they just see the IP and port I'm connected to, but all of the data itself is encrypted? What if I connect to one server, and then SSH from that server to another server - is that traffic viewable, or does it just look like data to the first server?

I want to make sure if I connect to a server as little traffic is viewable to any external parties. Is there any way to hide the IP I'm connecting to as well?

Update Server 1 and Server 2 are both external to the network I'm currently on. Does that change anything in regards to what someone on my network can see outgoing from server 1?

Wallace Sean
  • 137
  • 1
  • 1
  • 6
  • Is there a reason you're so untrusting of the network admins? What are you doing, sending a bunch of sensitive data offsite or something? – ceejayoz Jun 07 '11 at 16:25
  • Just more curious then anything - it's not sending any data that I shouldn't be that I'm concerned about, just what's visible to others. – Wallace Sean Jun 07 '11 at 16:38

3 Answers3

5

The network admins can see an IP connection between the two machines, using TCP protocol on port 22, and the rest is pretty much encypted once the connection has been established. The same applies for subsequent connections to another server. This is the whole idea of using ssh, otherwise it would be pretty pointless.

You cannot hide the IP address, unless you use some from of NAT (in which case the network admins would see the natted address).

wolfgangsz
  • 8,767
  • 3
  • 29
  • 34
  • When you are referring to subsequent connections to another server, does that mean a separate SSH connection, or a SSH connection from server 1 to server 2? Would any of the network traffic from server 1 be visible - curl requests, SSH to other servers etc to someone monitoring my network that I've connected to server 1? – Wallace Sean Jun 07 '11 at 16:12
  • The connection from server1 to server2 also uses SSH, therefore again IP addresses are visible, but content is not. When this content is forwarded to the original client, effectively the content gets repackaged. What exactly the network admins can see, depends on where exactly they are listening. – wolfgangsz Jun 07 '11 at 16:19
  • So even if server 1 is external to the network I'm connecting from, someone on my network can still see outgoing data from server 1 to somewhere else? – Wallace Sean Jun 07 '11 at 16:24
  • IP traffic works by sending packets from one IP address to another, no matter where that other address is (that is taken care of by routing in the IP layer). Therefore, if somebody could listen in to all the traffic on your network (which is unlikely and difficult for various reasons), they would be able to see packets from server1 to you and viceversa. – wolfgangsz Jun 07 '11 at 16:32
3

The to/from IP and TCP 22 connection/session. No you can not hide the to/from IPs. You may "distort" the "true" destination IP by relaying off of an intermediate, but that is pretty much as "good" as it gets.

user48838
  • 7,393
  • 2
  • 17
  • 14
1

If you connect to server 1 and then from server 1 to server 2, no they can not see that you are connected to server 2. It just looks like more traffic to server 1.

JamesRyan
  • 8,138
  • 2
  • 24
  • 36