Ping a Specific Port

Question

alancc

Asked: 2017-01-20 18:06:11 +0800 CST2017-01-20 18:06:11 +0800 CST 2017-01-20 18:06:11 +0800 CST

HTTPS over third-party SSH tunnel. Is it safe?

772

I just get a Linux server from a third-party. Then I create a SSH tunnel via SecureCRT: https://www.vandyke.com/support/tips/socksproxy.html , where the Linux server is used as the Gateway Server.

However, the Linux server is not 100% safe since it is managed by a third-party. Now if I connect to a HTTPS server via the SSH tunnel, will the password sent to the HTTPS server be stolen by the administrators of the Linux server?

1 Answers

Voted

techraf · Answer 1 · 2017-01-20T18:25:26+08:00

techraf

2017-01-20T18:25:26+08:002017-01-20T18:25:26+08:00

HTTPS over a third-party SSH tunnel is no less secure than SSH over untrusted networks and internet is by definition an untrusted network.

HTTPS encrypts end-to-end and no party in-between can decrypt the message unless they possessed the keys (or downgraded the connection, or tricked the user to trust attacker's certificate, but no attack on HTTPS is facilitated by using an underlying tunneling protocol).

Also you don't send any password to the HTTPS server. A password might be a part of the data transmitted over the secure HTTPS channel, but no password is used for the HTTPS implementation/connection itself.

5

HTTPS over third-party SSH tunnel. Is it safe?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?