Re: port forwarding and secured connection
- From: "Richard E. Silverman" <res@xxxxxxxx>
- Date: 18 Jan 2006 08:29:30 -0500
> machineA:#sshd -p 2222
> machineA:#ssh -f -g -N -L 2223:machineA:23 machineA
>
> A client telnet connection to port 2223 of machine A works.
>
> If I understand local port forwarding,
> the connection between the client and port 2223 on machine A should be
> not secured,
> the connection between port 2223 on machine A and port 23 should be
> secured.

No; they are both unsecured by SSH. In this model:

  A -- TCP --> B:p == (ssh -L p:D:q C) ==> C -- TCP --> D:q

... the connections A->B and C->D are plain TCP and unsecured by SSH.
However, if either A=B or C=D (as it is in your case), that leg is
generally considered secure since it does not go over a network. However,
the plaintext does go from one process to another on host C=D, and so
anyone privileged to inspect that IPC mechanism (loopback IP in this
case) can read the plaintext.
--
Richard Silverman
res@xxxxxxxx
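
The model in the reply above, as an added example that is not part of the original post: a Python helper that reads an `ssh -L` command line and reports, for each of the three legs, whether SSH protects it and whether it leaves the host. The function name and result labels are hypothetical; it assumes options precede the host, no bracketed IPv6 addresses, and the default GatewayPorts setting.

```python
import shlex

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# ssh(1) options that take an argument (may be incomplete for newer releases).
TAKES_ARG = set("BbcDEeFIiJLlmOopQRSWw")

def classify_forward(command):
    """Classify the A->B, B->C and C->D legs of one `ssh -L` command line."""
    tokens = shlex.split(command)[1:]            # drop the leading "ssh"
    gateway, spec, server = False, None, None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if not (tok.startswith("-") and len(tok) > 1):
            server = tok.rsplit("@", 1)[-1]      # first positional is C; strip user@
            break
        for pos, flag in enumerate(tok[1:], start=1):
            if flag == "g":
                gateway = True                   # -g: remote hosts may use the listener
            if flag in TAKES_ARG:
                arg = tok[pos + 1:]              # "-Lspec" form
                if not arg:                      # "-L spec" form
                    i += 1
                    arg = tokens[i]
                if flag == "L":
                    spec = arg
                break
        i += 1
    if spec is None or server is None:
        raise ValueError("expected an -L forwarding spec and a server host")
    parts = spec.split(":")                      # assumption: no [IPv6] literals
    if len(parts) == 4:                          # bind_address:port:host:hostport
        bind, dest = parts[0], parts[2]
        exposed = bind not in LOOPBACK           # "" or "*" mean all interfaces
    elif len(parts) == 3:                        # port:host:hostport
        dest = parts[1]
        exposed = gateway                        # loopback-only unless -g is given
    else:
        raise ValueError("malformed -L spec: " + spec)
    local_target = dest in LOOPBACK or dest == server   # the C = D case
    return {
        "client_to_listener": "plaintext, reachable from network" if exposed
                              else "plaintext, loopback only",
        "listener_to_server": "encrypted by SSH",
        "server_to_target": "plaintext, local to server" if local_target
                            else "plaintext, crosses network",
    }

if __name__ == "__main__":
    # The command quoted in the post.
    print(classify_forward("ssh -f -g -N -L 2223:machineA:23 machineA"))
```

For the command in the post, only the middle leg is reported as encrypted: `-g` opens the plaintext listener on port 2223 to other hosts, and the hop to port 23 stays on machineA.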