
lame question but bear with me...


lame question but bear with me...

In ssh tunnels, you are creating an encrypted tunnel between the ssh client and the sshd daemon (or reversing the roles, based on the forwarding options used).

So if both the client and server portions of the tunnel are on a single box, then the tunnel remains solely in the machine. In effect, you should be seeing your plain text password leaving the machine to the router.

Even if you are using the client and server ssh sessions on different machines, you should be seeing the plain text password at some stage.

This will all depend on the filters used in your network monitor though, as to whether or not you are capturing the right traffic at all.

What software are you using to capture the data?

Ethereal would be best. Capture all data, locate a packet from the connection, right click and follow the stream. This should filter out the transaction, and let you see the POST data.

Remember, you should be looking for transactions between the client machine and client ssh system, or the server ssh system and router. You will only see encrypted data between the client and server.

Also remember, if you are using a switched network, then you will have to capture the data from the correct system. The connection between client and ssh client, and the ssh server and router, will need to be from the correct machines.

Only the ssh tunnel can be monitored from either system.

lame question but bear with me...

Hello all

I am disgraced that I cannot figure out what is happening in the following scenario.

My wireless router has a web interface for config. purposes which can only be accessed by internal machines (so it says anyway).
I am conscious that logging in over plain http isn't secure as miscreants could be looking at internal network traffic. So I thought SSH port forwarding is the solution.
This is what I'm doing.....

On localhost I have sshd running; on the same machine I execute the following command so ssh will forward connections from that port to the router on port 80:

$ ssh -v -L 9999:192.168.0.1:80 user@localhost

I then point my browser to http://127.0.0.1:9999 and I get the router's web config. page. I then log in, note that login is initiated by POST using a submit button which issues the following command to the router:

POST /cgi-bin/login.exe

I run tcpdump whilst logging in and can't seem to find my plaintext password - so I assume the SSH tunnel worked - but HOW?

How can an encrypted tunnel setup on a LAN machine traverse the LAN encrypted then unencrypt itself once at the router when the router has no awareness of SSH or how to decrypt such packets.

I know it's a long post but any pointers would be much appreciated, even the odd mild insult at such a lame question would probably be warranted.

poncenby
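As an added example (not code from either post), the following Python script models the leg of the setup that the question is about: the sshd end of `-L 9999:192.168.0.1:80` takes the decrypted stream and opens an ordinary, unencrypted TCP connection to the router, so the POST to /cgi-bin/login.exe is cleartext on the wire between the box running sshd and the router. Both the "router" login CGI and the forwarder here are stand-ins bound to 127.0.0.1 on ephemeral ports so the script runs offline; the form field names, the credentials and the `eth0` interface named in the comments are assumptions. The encrypted client-to-sshd leg (which, with `user@localhost`, never leaves the loopback interface) is left out because it is not where the password is visible.

```python
import socket
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Where to point tcpdump in the setup from the post (this script does no capturing):
#   encrypted leg, stays on the box:   tcpdump -i lo -nn 'tcp port 22'
#   plaintext leg to the router:       tcpdump -i eth0 -nn -A 'host 192.168.0.1 and tcp port 80'
# eth0 is an assumption; substitute the LAN or Wi-Fi interface of the sshd machine.

# What the stand-in "router" receives on its login CGI, byte for byte.
ROUTER_SEEN = []


class RouterLogin(BaseHTTPRequestHandler):
    """Stand-in for the router's /cgi-bin/login.exe: plain HTTP, no TLS, no SSH."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(length).decode("latin-1")
        ROUTER_SEEN.append((self.path, body))
        reply = b"ok"
        self.send_response(200)
        self.send_header("Content-Length", str(len(reply)))
        self.end_headers()
        self.wfile.write(reply)

    def log_message(self, *args):  # keep the demo quiet
        pass


def relay(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst: the per-channel
    copy loop that sshd runs for every forwarded connection."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_forwarder(target_host, target_port):
    """Stand-in for the sshd side of `-L 9999:192.168.0.1:80`: accept a local
    connection, open an ordinary TCP connection to the target, relay both ways.
    Nothing on this leg is encrypted; SSH only protects the client<->sshd leg."""
    listener = socket.socket()
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))  # ephemeral port instead of 9999 so it runs anywhere
    listener.listen(5)

    def accept_loop():
        while True:
            try:
                client, _ = listener.accept()
            except OSError:  # listener closed, demo over
                return
            target = socket.create_connection((target_host, target_port))
            threading.Thread(target=relay, args=(client, target), daemon=True).start()
            threading.Thread(target=relay, args=(target, client), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener, listener.getsockname()[1]


def demo(username="admin", password="hunter2"):
    """Browser -> local forward port -> relay -> router, as in the post.
    Returns (path, body) exactly as the stand-in router received them."""
    router = HTTPServer(("127.0.0.1", 0), RouterLogin)
    router_port = router.server_address[1]
    threading.Thread(target=router.serve_forever, daemon=True).start()

    listener, fwd_port = start_forwarder("127.0.0.1", router_port)
    try:
        # Constructed login form; field names and credentials are made up.
        form = f"username={username}&password={password}".encode()
        req = urllib.request.Request(
            f"http://127.0.0.1:{fwd_port}/cgi-bin/login.exe", data=form, method="POST")
        with urllib.request.urlopen(req, timeout=5) as resp:
            resp.read()
    finally:
        listener.close()
        router.shutdown()
        router.server_close()
    return ROUTER_SEEN[-1]


if __name__ == "__main__":
    path, body = demo()
    print(f"router received POST {path} with body: {body}")
```

Running it shows the router end receiving the form body unchanged, which is what a capture on the physical interface of the sshd machine (rather than on lo, where only the SSH session is visible) would also show.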