Is it possible to have a Secured channel and Insecure network at the same time


I was reading up on SSH when I came across the following sentences in the first paragraph of the article:

via a secure channel over an insecure network

1) In what context are the channel and network being referred to?

2) How can a channel be secured but the network is not secured, and vice versa? I would appreciate examples.


Posted 2014-02-19T01:46:14.907

Reputation: 837

Sure; There are tons of access points ( i.e. routers ) that provide "guest networks" as an option. – Ramhound – 2014-02-19T02:03:18.097



The channel is an encrypted tunnel over whatever networks your machine is connected to.

For example, say you take your laptop to a coffee shop with public Wi-Fi. Anyone can see all the traffic that is being sent and received from your machine. So, you create an SSH tunnel to your server at home (or wherever), and send your network traffic through there. Hence, any potential eavesdroppers would only see encrypted packets.

Therefore, your communications remain secure.

The opposite situation would be a private network that isn't connected to any untrusted computer, like a home LAN. In that case, you control all the hardware and so it is safe to communicate in the clear. (At least, assuming you're not connected to the Internet.)


Posted 2014-02-19T01:46:14.907

Reputation: 4 693


1) The channel is the secure communication channel you get when you establish an SSH tunnel between trusted computers. The network is the physical network of machines (computers, routers, switches) transporting the data. The data is sliced into packets that are sent across the network towards the destination machine. You may imagine the channel as a virtual pipe secured through encryption. Everything that goes through that virtual pipe is transported as encrypted packets using the underlying network.

2) Most of the time you can't trust the network because you don't have full control over all machines. If someone has control over a machine transporting (forwarding) your packets, he can read or alter them. To protect against such attacks you use encryption, like SSH. Encryption means to alter the cleartext in a way that you can only get it back if you have the key. To get a secure channel over an unsecure network, you have to do 2 things:

  1. Verify you are talking to the right machine/person.
  2. Establish a secure (encrypted) channel, using a key nobody else knows (shared secret).

To achieve these goals, SSH uses public key cryptography on both ends. To be sure you are talking to the right machine (1.), you have to check the fingerprint. After that both ends negotiate a shared secret key used to encrypt the data. For that usually Diffie-Hellman is used.

Because you verified you are talking to the right communication partner and you securely exchanged a shared secret key to symmetrically encrypt the data, nobody can alter or read your communication anymore. You have a secure channel over an insecure network.

Enno Gröper

Posted 2014-02-19T01:46:14.907

Reputation: 161
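
The fingerprint check from step 1 of the answer above, as an added example that is not part of the original answer: it computes a host key fingerprint in the `SHA256:` form OpenSSH prints and compares it with one obtained out of band, so a key substituted by a machine on the path is rejected. The function names and both sample keys are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def parse_pubkey_line(line):
    """Split an OpenSSH public key line ('type base64 [comment]') into (type, blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob begins with an SSH "string": uint32 big-endian length + bytes.
    # It repeats the key type, so a mismatch means a corrupt or spliced line.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match the type inside the blob")
    return key_type, blob


def fingerprint(line):
    """Return the fingerprint as 'SHA256:<unpadded base64 of SHA-256(blob)>'."""
    _, blob = parse_pubkey_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_is_expected(presented_line, trusted_fingerprint):
    """True only if the presented host key hashes to the fingerprint we trust."""
    return hmac.compare_digest(fingerprint(presented_line), trusted_fingerprint)


def make_line(key_type, raw_key, comment):
    """Build a constructed (not real) public key line for the demo."""
    t = key_type.encode()
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw_key)) + raw_key
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


# Constructed sample keys: fixed byte patterns, not real Ed25519 keys.
HOME_SERVER = make_line("ssh-ed25519", bytes(range(32)), "home-server")
ON_PATH_HOST = make_line("ssh-ed25519", bytes(range(32, 64)), "unknown")

if __name__ == "__main__":
    trusted = fingerprint(HOME_SERVER)  # assumed to be obtained out of band
    print("home server accepted:", host_is_expected(HOME_SERVER, trusted))
    print("substituted key accepted:", host_is_expected(ON_PATH_HOST, trusted))
```
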


Is it possible to have a Secured channel and Insecure network at the same time

You can have a "secured channel" over an insecure channel or network by using encryption. Encryption can be considered an additional "layer over" a network or other medium.

If Alice and Bob want to talk to each other, over a network that anyone can listen in on, this is easy if Alice has Bob's cryptographic keys and Bob has Alice's cryptographic keys before they start talking.

Alice and Bob should NEVER transmit their keys over the network in the clear to keep them secure.

Now, if they haven't talked outside of the network before, there are ways to securely exchange keys, such as Diffie-Hellman, which TLS/SSL/SSH use.


Posted 2014-02-19T01:46:14.907

Reputation: 63 487