Is it secure to use free shells for ssh tunneling? Can the shell provider see and log the sites I visit and passwords I enter?
I'm new to this thing and couldn't find info on google :o
No, once you set the key, they are locked out.
You should get your ssh code from trustworth sources, as hackers can easily modify open source from trap doors. This applies to all downloads! Beware of odd binary code sources.
I believe ssh2 is both free and stronger. If you do a little man page reading, you can find out how to maximize your key size. This is especially important when you do passwordless PK access, where the key password is blank. I believe ther are even tools out there to embed the key's password in a running session, so it can be proffered by your avatar at approriate moments to unlock your key. BTW, the keys are just used a short while, to start up the connection session, and then a random session key runs the session for a longer time before a new key is negotiated.
1 Like
No, it is not "secure", relatively speaking.
A free sshd server is an "unknown" server and you don't know if the sshd server code has been modified.
If you want to create a "secure ssh tunnel" you need to set up the sshd server used for tunneling with code you trust.
Using a third party free sshd server is not secure at all because you don't know anything about how sshd was set up (or modified) on the free sshd server.
1 Like
I'm not sure I understood you guys :o
To clarify, by public shell I meant a shell for which you can sign up on certain websites for free. You signup and then you can use your personal login and password to access the shell.
I need such shell solely for the purpose of ssh tunneling for safe browsing and to access domains which are blocked by my ISP.
I read this somewhere: "sshd (SSH Daemon) is the daemon program for ssh(1). Together these programs ... provide secure encrypted communications between two untrusted hosts over an insecure network."
As I understood neither my ISP nor the shell provider can eavesdrop and log which sites I'm browsing and what passwords I enter when I use ssh tunneling or not?
I understood exactly what you mean by a free shell account.
On these accounts, you don't have superuser permissions and you did not install and compile sshd yourself. This means you don't know what sshd is doing.
In addition, when you set up an ssh connection between your client and the free shell server, only the connection is secure between the end points of the sockets.
This means that the superuser on the free server could, in theory, log and read your messages, if they wanted to with a simple code mod.
If you want "security" you need to have control over the "box in the middle" or you will be subject to a variation of what is called "the man in the middle attack".
Of course "secure" is relative, and if you don't care if the superuser on the free shell server can track your web surfing, then ...... it does not matter. I simply answered your question correctly, that it is not "secure" to use a third party server that you don't have superuser privs on the box.
1 Like
Ah, I understand now, thank you very much for the answer 