If I use an SSH tunnel to get around a firewall, what does the sysadmin see?

security firewall ssh-tunnel

Solution 1:

He will just see an SSH connection being open and perhaps some encrypted information when he does a closer data inspection. Unless he knows the encryption keys he won't be able to see what you're doing exactly. So from the network traffic, he will not be able to see if you've been on Facebook. Don't forget about browser history though. Your sysadmin might have installed something on every workstation to monitor browser history. I also doubt a sysadmin will go through so much effort just to prove you've been on Facebook. ;)

From http://en.wikipedia.org/wiki/Tunneling_protocol#Secure_Shell_tunneling:

SSH tunnels provide a means to bypass firewalls that prohibit certain Internet services — so long as a site allows outgoing connections. For example, an organization may prohibit a user from accessing Internet web pages (port 80) directly without passing through the organization's proxy filter (which provides the organization with a means of monitoring and controlling what the user sees through the web). But users may not wish to have their web traffic monitored or blocked by the organization's proxy filter. If users can connect to an external SSH server, they can create an SSH tunnel to forward a given port on their local machine to port 80 on a remote web server. To access the remote web server users would point their browser to http://localhost/.

Solution 2:

Also, make sure to run DNS through your SSH tunnel. In firefox, this option is disabled by default. The network admin will only see encrypted traffic, as noted above.

about:config > network.proxy.socks_remote_dns;true

Solution 3:

If you mean the internet history stored in your browser, that will still show the sites you visited. The SSH tunnel will only encrypt/hide the data as it moves through the network. So you are hidden from network based detection, but not from them checking your computer. What browser are you using? Does it have a "stealth" mode ?

Solution 4:

first question: is it YOUR computer you´re working with or is it the companys computer. if it´s the companys, you shouldn´t even think about using the ssh tunnel, because normaly the firewall blocks these sites in a company for a reason. If you neet to use i.e. facebook for work, talk to your admin. But, the point of an ssh tunnel is to encrypt the traffic, so nobody can see what youre doing. So your admin only can see THAT an ssh connection is opened. Although, if he is able to view the browser history, he will see it. But, as BloodPhilia said:

I also doubt a sysadmin will go through so much effort just to prove you've been on facebook. ;)

Related

Add a program to startup in Windows 7?
How can I change the order of GNU Screen "screens"?
Install software using a downloaded port file
Some pretty fixed width font for Windows? [closed]
scp'ing multiple files in one pass - to multiple destinations on one target server?
Batch Convert OpenOffice (ODT) to MS Word (DOC) files?
how do I make windows "show desktop" restore the same windows it minimized?
On Mac OS X how can I see how much memory is being used by what programs?
Why are camera files typically prefixed "DSCN" or something similar?
Is it possible to add volume controls & shortcut keys to a mechanical keyboard which does not have the keys?
What is Kernel Memory? What function does it serve?
TRIM support via dm-crypt/device-mapper