Consider a wireguard network of many clients which all interact with each other through a central hub server on a cloud VPS. One of the clients is a desktop used for SSHing into the other various clients–again, through the central hub. If the “terminal” client connects to another client through the wireguard hub using SSH public/private key authentication, what if any information within that SSH tunnel gets exposed or leaked to the “hub” server?
My threat model is if the VPS was to ever get compromised. I previously SSH’d into the hub VPS server and from there I would SSH into any of the other clients with a password. Horrible security, I know.
My new setup is as mentioned above. Only the single desktop client has key authentication to SSH into the various clients. But I want to be sure none of that data gets exposed to the VPS hub just in case.
If the host you’re connecting to is already in your known_hosts, a malicious network can’t do anything but break the connection. If it tries to mitm the ssh connection, you’ll get the alert that’s someone could be “doing something nasty”.
Information leakage: Anything between you and the ssh server will be able to see that you’re connecting to a ssh server and how much data you transfer, but not what the data actually is.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhost@lemmy.ml
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules
No harassment
crossposts from c/Open Source & c/docker & related may be allowed, depending on context
Video Promoting is allowed if is within the topic.
If the host you’re connecting to is already in your known_hosts, a malicious network can’t do anything but break the connection. If it tries to mitm the ssh connection, you’ll get the alert that’s someone could be “doing something nasty”.
Information leakage: Anything between you and the ssh server will be able to see that you’re connecting to a ssh server and how much data you transfer, but not what the data actually is.