If I use an SSH tunnel to get around a firewall, what does the sysadmin see?

9

2

I use an SSH tunnel for the port my browser uses to access the internet. The result is I get around the firewall my network uses, which prevents me from using many sites I want to use (Facebook, anyone?). If I SSH tunnel like this, what does the sysadmin see about my internet history? Does he just see an SSH connection, and then encrypted information? Or can he somehow see I'm on Facebook, and the SSH tunnel is only good enough for the firewall?

Tony Stark

Posted 2010-08-23T17:58:11.237

Reputation: 1 930

Answers

7

He will just see an SSH connection being open and perhaps some encrypted information when he does a closer data inspection. Unless he knows the encryption keys he won't be able to see what you're doing exactly. So from the network traffic, he will not be able to see if you've been on Facebook. Don't forget about browser history though. Your sysadmin might have installed something on every workstation to monitor browser history. I also doubt a sysadmin will go through so much effort just to prove you've been on Facebook. ;)

From http://en.wikipedia.org/wiki/Tunneling_protocol#Secure_Shell_tunneling:

SSH tunnels provide a means to bypass firewalls that prohibit certain Internet services — so long as a site allows outgoing connections. For example, an organization may prohibit a user from accessing Internet web pages (port 80) directly without passing through the organization's proxy filter (which provides the organization with a means of monitoring and controlling what the user sees through the web). But users may not wish to have their web traffic monitored or blocked by the organization's proxy filter. If users can connect to an external SSH server, they can create an SSH tunnel to forward a given port on their local machine to port 80 on a remote web server. To access the remote web server users would point their browser to http://localhost/.

BloodPhilia

Posted 2010-08-23T17:58:11.237

Reputation: 27 374

Hmm, I have a Mac. Do you know what software I should check for to see if they check my history? If I use stealth mode, will that address the history flaw? – Tony Stark – 2010-08-23T18:11:24.740

@hatorade there's no way to know for sure. You should ask your sysadmin. Programs like these *if they are installed anyway* can be hard to detect. Private browsing or trying a different browser *might* work but there's no way to be sure unless you ask if and how you're being monitored. – BloodPhilia – 2010-08-23T18:16:30.690

True, but I figure someone here probably knows the more popular ones :) – Tony Stark – 2010-08-23T18:17:37.863

7

Also, make sure to run DNS through your SSH tunnel. In Firefox, this option is disabled by default. The network admin will only see encrypted traffic, as noted above.

about:config > network.proxy.socks_remote_dns;true

Stefan Kendall

Posted 2010-08-23T17:58:11.237

Reputation: 756

Hm. Can you point me to an option in Firefox which will set used DNS servers? – whitequark – 2010-08-23T19:00:55.110

I updated my answer. – Stefan Kendall – 2010-08-23T20:27:57.600
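What the answers above describe, seen from the network side, as an added example that is not part of the original posts: the monitor records only metadata for the SSH connection, plus any DNS names the workstation resolved through the site resolver while the session was open. The flow records, DNS log entries, addresses and thresholds are constructed assumptions for illustration.

```python
# Constructed sample data: what a network monitor could record for one workstation.
# Flow record: (client, server, dst_port, start_s, end_s, bytes_out, bytes_in)
FLOWS = [
    ("10.0.0.23", "203.0.113.10", 22, 1000, 1090, 4_200, 9_800),         # short login
    ("10.0.0.23", "198.51.100.7", 22, 2000, 5600, 310_000, 48_500_000),  # long, download-heavy
]
# Site resolver log: (client, time_s, queried name)
DNS = [
    ("10.0.0.23", 900, "intranet.example.org"),
    ("10.0.0.23", 2105, "www.facebook.com"),
    ("10.0.0.23", 2110, "static.example.net"),
]

MIN_SECONDS = 600       # assumed threshold: longer than a quick interactive login
MIN_IN_OUT_RATIO = 20   # assumed threshold: bulk inbound data, not keystrokes


def tunnel_like(flow):
    """Heuristic only: long-lived SSH flow that mostly downloads."""
    _, _, port, start, end, out_b, in_b = flow
    return (port == 22
            and end - start >= MIN_SECONDS
            and in_b >= MIN_IN_OUT_RATIO * max(out_b, 1))


def admin_view(flows, dns):
    """Summarise what is visible for each tunnel-like SSH flow.

    The payload is encrypted, so only metadata appears. DNS names looked up
    by the same client during the session are a correlation, not proof of
    what went through the tunnel; with proxy-side DNS they do not appear.
    """
    report = []
    for flow in flows:
        if not tunnel_like(flow):
            continue
        client, server, _, start, end, _, in_b = flow
        names = sorted(n for c, t, n in dns if c == client and start <= t <= end)
        report.append({"client": client, "ssh_server": server,
                       "seconds": end - start, "bytes_in": in_b,
                       "dns_during_session": names})
    return report


if __name__ == "__main__":
    for row in admin_view(FLOWS, DNS):
        print(row)
```
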

0

If you mean the internet history stored in your browser, that will still show the sites you visited. The SSH tunnel will only encrypt/hide the data as it moves through the network. So you are hidden from network-based detection, but not from them checking your computer. What browser are you using? Does it have a "stealth" mode?

Chance

Posted 2010-08-23T17:58:11.237

Reputation: 614

0

First question: is it YOUR computer you're working with, or is it the company's computer? If it's the company's, you shouldn't even think about using the SSH tunnel, because normally the firewall blocks these sites in a company for a reason. If you need to use i.e. Facebook for work, talk to your admin. But the point of an SSH tunnel is to encrypt the traffic, so nobody can see what you're doing. So your admin can only see THAT an SSH connection is opened. Although, if he is able to view the browser history, he will see it. But, as BloodPhilia said:

I also doubt a sysadmin will go through so much effort just to prove you've been on Facebook. ;)

Diskilla

Posted 2010-08-23T17:58:11.237

Reputation: 1 516