Using SSH without raising questions
Kenny McCormick
Posted on February 2, 2004, 7:05 pm
read (oops!). I'm looking both for advice and pointers to advice
about keeping my private life private from my employer.
I'm an SSH newbie who signed up with Anonymizer after my employer
began blocking common POP3 & SMTP ports and made noises about
monitoring web usage, while blocking access to the Hotmail and Yahoo!
web mail pages.
I use email at work for both personal and work-related messages, but
unlike my colleagues, I never give out my work email address for
personal business, and I never use it to sign up for web services.
Until the POP3 port got blocked, I used Mozilla mail (*not* Outlook or
Outlook Express) exclusively for my private email. My work email was
just for work, period.
Hence, I get no spam at my work email, nor does anything from my work
address show up in anyone else's mailbox unless it's to do with my
job. I think this is a professional thing to do, but my employer
apparently doesn't see it that way.
So far, I've set up Anonymizer's secure shell to grab everything on
several common localhost ports and send it encrypted through the
default port 22. This is working fine. I'm still using Mozilla mail,
and I'm wiping out the cache with an erase program every night.
I also keep Mozilla and its cache, mailbox, and other files in a
directory that's concealed by Encrypted Magic Folders. When I'm not
using my private email, the directory isn't accessible through NTFS
(or so it seems). I'm aware that EMF can be swept aside in a simple
forensic search, so I'm not relying on it for security, just as a way
to keep from setting off alarm bells.
Recently, my employer has deployed LanDesk. I've had a difficult time
figuring out exactly what this utility does. I know it will catalog
users' applications, and permit IT mavens to remotely install on a
machine, but I don't know if it does more than that. Will it notice
that I have EMF running? Will it notice that I've got the Bitvise SSH
sitting on some ports? I don't know. Do you?
Here are more questions --
1) Port 22 isn't blocked, so SSH is free to use it. But I don't like
using a well-known port for exchanging data, even if it's encrypted.
Is it possible to configure the Anonymizer/Bitvise SSH to use a more
obscure port on my machine? Or does the protocol run on 22 and no
2) When I run "netstat", I get this partial set of results:
    Proto  Local Address      Foreign Address     State
    TCP    worksys043:1271    cyberpass.net:22    ESTABLISHED
    TCP    worksys043:http    localhost:1270      ESTABLISHED
    TCP    worksys043:http    localhost:1272      ESTABLISHED
    TCP    worksys043:1074    localhost:1075      ESTABLISHED
As you can see, Cyberpass.Net shows up loud & clear. That's the
I've tried to change the Bitvise client software to use a numeric IP
in the hope that this is what will show up in the netstat report, but
I haven't been successful. If someone decided to monitor my ports'
usages, they will therefore not only discover that something's
happening on the SSH port 22, they'll also find out that it's
connected to a remote server named "Cyberpass.net," which is only
slightly less suspicious sounding than "MyDoom2U.Net" (but not much!).
I'd like to force this to show up with a numeric IP, therefore. Can
anyone explain to me how to do this?
3) Finally, I'm interested in what other suggestions you might have
for screening my private email traffic. I'm sure some of you will
yap, "Yeah, do it from home!", but there are situations where that's
not possible (and I'm asking for advice on how to screen what I do,
not how to stop what I'm doing). So do you have any?
Thanks for your advice and pointers.
Re: Using SSH without raising questions
When you work, you are in an environment where basically everything belongs
to someone else. For SSH to work securely, you need AT LEAST a secure
computer system (and you got to remember the remote host key fingerprints
too). If you don't own the computer, how can you be sure?
SSH defaults on 22/tcp but can be configured to work on any TCP port as long
as the server listens on that port. For a specific service provider, you
have to contact it.
You cannot force an IP address not to resolve. However, you are able to use
your own home computer as an SSH server. Your computer's hostname is usually
0. Ask your boss. Doing any of the below may cost your job.
1. Use a laptop/handheld computer, preferably with a cellular Internet
2. Use an OS-in-a-CD. However, this basically makes the office computer
non-productive. A network monitoring will soon detect that your computer is
3. Use SSH programs (such as putty/plink) on your own CD. You are still
subject to keylogging, screen-capturing, and application monitoring.
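
An added example, not part of the thread: what the netstat listing in the first post already tells anyone reviewing the host. The sample rows are copied from that post; the function names and the loopback heuristic are assumptions made for this illustration.

```python
from collections import Counter

# Rows copied from the netstat output quoted in the first post.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP worksys043:1271 cyberpass.net:22 ESTABLISHED
TCP worksys043:http localhost:1270 ESTABLISHED
TCP worksys043:http localhost:1272 ESTABLISHED
TCP worksys043:1074 localhost:1075 ESTABLISHED
"""

SSH_PORTS = {"22", "ssh"}   # netstat prints service names unless run with -n
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so IPv6 literals survive."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").lower(), port.lower()


def parse(text):
    """Yield one dict per TCP row; header and malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0].upper() != "TCP":
            continue
        lhost, lport = split_endpoint(parts[1])
        rhost, rport = split_endpoint(parts[2])
        yield {"lhost": lhost, "lport": lport, "rhost": rhost,
               "rport": rport, "state": parts[3].upper()}


def review(text):
    """Return (outbound SSH sessions, {local port: loopback peer count})."""
    rows = [r for r in parse(text) if r["state"] == "ESTABLISHED"]
    ssh = [r for r in rows
           if r["rport"] in SSH_PORTS and r["rhost"] not in LOOPBACK]
    # Heuristic (assumption): a local port serving loopback clients while an
    # SSH session is up is a candidate forwarded port, not proof of one.
    local = Counter(r["lport"] for r in rows if r["rhost"] in LOOPBACK)
    return ssh, dict(local)


if __name__ == "__main__":
    sessions, local_ports = review(SAMPLE)
    for s in sessions:
        print(f"outbound SSH: {s['lhost']}:{s['lport']} -> {s['rhost']}:{s['rport']}")
    for port, peers in sorted(local_ports.items()):
        print(f"loopback clients on local port {port}: {peers}")
```

The port match only covers the default 22/tcp; since the reply notes SSH can listen on any TCP port, the loopback-client count is the part of this check that does not depend on the remote port.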