
SSH tunneling to local network router

jkroeder

I enabled the SSH daemon on my Asus RT-N16 router with Tomato firmware so that I can tunnel my traffic if I'm on an unsecure network.

Then I wondered... would it also work if I used the tunnel on the network locally?

Say I just set PuTTY to connect to the router @ 192.168.1.1. Would that mean I would also have an encrypted tunnel from my desktop to the router so that no one on my local network can sniff the traffic?

It's not that I would actually have a use for this but I'm curious if it would work.

Thanks
 
No, only your PuTTY connection is using SSH. Any browser traffic, etc. creates a different connection, and unless that connection also uses encryption (HTTPS) then it is in the clear. Use netstat -a to see how many different connections your computer actually has.
 
However, you CAN use PuTTY to open an SSH tunnel, and you can then configure your PC to use that tunnel for all traffic. This can be done on the browser level or on the OS level (on a Mac it's typically done on the OS level, while an MS OS relies on each browser's configuration).

The SSH daemon running on the router must support using dynamic ports. I don't know if the Tomato firmware will. I tunnel to my router using dd-wrt's OpenVPN, then I ssh -D xxxx to an instance of Ubuntu running on an ESXi in my home. This allows for what you want. (Though I don't use PuTTY, it's a Mac, so first ssh -D xxxx to the Ubuntu, then I have Proxies set up for all traffic to localhost port xxxx.)
 
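An added example, not written by any poster in this thread: a way to follow the netstat advice above and see which connections actually ride an `ssh -D` tunnel and which still leave the machine directly. The netstat sample is constructed, the name `classify` is hypothetical, and SOCKS port 1080 is an assumed stand-in for the "xxxx" in the post above.

```python
import re

# Constructed sample of Windows-style `netstat -an` output (not from the thread).
# Assumes: desktop 192.168.1.50, SSH server on the router at 192.168.1.1:22,
# and `ssh -D 1080` (port 1080 is an assumption; the thread only says "xxxx").
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1080         0.0.0.0:0              LISTENING
  TCP    192.168.1.50:50112     192.168.1.1:22         ESTABLISHED
  TCP    127.0.0.1:50120        127.0.0.1:1080         ESTABLISHED
  TCP    127.0.0.1:1080         127.0.0.1:50120        ESTABLISHED
  TCP    192.168.1.50:50130     203.0.113.10:80        ESTABLISHED
  TCP    192.168.1.50:50131     198.51.100.7:443       ESTABLISHED
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+ESTABLISHED\s*$")

def classify(netstat_text, ssh_server="192.168.1.1", ssh_port=22, socks_port=1080):
    """Sort ESTABLISHED TCP connections by whether they ride the SSH tunnel."""
    result = {"ssh_session": [], "via_tunnel": [], "direct": []}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, LISTENING sockets, UDP rows
        l_ip, l_port, r_ip, r_port = m[1], int(m[2]), m[3], int(m[4])
        if (r_ip, r_port) == (ssh_server, ssh_port):
            # The one encrypted connection that carries everything proxied.
            result["ssh_session"].append(f"{r_ip}:{r_port}")
        elif r_ip == "127.0.0.1" and r_port == socks_port:
            # An application talking to the local SOCKS listener.
            result["via_tunnel"].append(f"{l_ip}:{l_port}")
        elif r_ip.startswith("127."):
            continue  # other loopback rows, incl. the SSH client's end of the above
        else:
            # Leaves the machine outside the tunnel. Port 443 is protected by
            # HTTPS itself; port 80 is readable by anyone sniffing the LAN.
            result["direct"].append(f"{r_ip}:{r_port}")
    return result

if __name__ == "__main__":
    for kind, conns in classify(SAMPLE).items():
        print(f"{kind:12} {conns}")
```

Anything listed under `direct` belongs to an application that was never pointed at the proxy, which is the case the first reply describes.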
Why don't you just use PPTP?
Router is 192.168.1.1
PPTP server is 192.168.1.2
PPTP range is 192.168.1.3-10
Set up some static login/pw combos?

Takes about 5 minutes - PPTP works with just about everything (except Bonjour)
 
I suspect this would only obfuscate the traffic by changing the originating IP number on your packets. VPN works on untrusted networks because it's a way to transport traffic to-and-from a secure network. What you're proposing is more of a secure "revolving door" where your traffic hits the router and is dumped back on the LAN. Once your router dumps your traffic back on the LAN it becomes sniffable again.
 