2

If I run:

ssh -fND localhost:6000 USERNAME@IPADDRESS -p PORTNUMBER

and I set my webbrowser to use 127.0.0.1:6000 SOCKS5 proxy, is there a way for the remote SSH server to monitor my web traffic?

I've seen this post that allows traffic to be monitored on a per-user basis, but what can they do if there is only 1 SSH user, and that 1 SSH user is used by many people behind 1 public IP address/NATed network?

I know that if I don't set network.proxy.socks_remote_dns to true in Firefox then they can see my DNS traffic, because it's resolved in my side.

So the Q: What are the methods to monitor traffic on the remote SSH server if there is only 1 ssh user with many "real" users using it?

Community
  • 1
LanceBaynes
  • 40,135
  • 97
  • 255
  • 351

1 Answers1

1

"They" can correlate the ssh session with both your real IP and the traffic coming out of the ssh server. This method of tunneling traffic over ssh is great for encrypting the contents of the traffic between the ssh client and the ssh server, but it won't help you avoid monitoring on the ssh server.

Mark Drago
  • 519