Hi there, In my search to learn a bit more about Linux, i came across this website called “OverTheWire”, which teaches basic and some advanced concepts over SSH. It seems like a fun and engaging way to learn.
However, as a bit of a paranoid beginner when it comes to Linux and networking, i find myself worrying about the potential dangers of connecting to an untrusted network.
So, my questions are:
-
Does anyone have any experience with the website?
-
In the hypothetical case that I open an SSH connection to a compromised network, could that expose me to attacks? (Aside from obvious risks like downloading malicious files myself.)
-
Should I use a virtual machine (VM) for this?
I sincerely appreciate any responses. Thank you!
- I do not personally have experience with this website
- Connecting to an SSH server with an SSH client is much like connecting to a webserver with a webbrowser. It is theoretically possible for bad things to happen, but automatic (“zero click”) attacks of any kind are difficult to pull off when the software is up to date. Most bad things that happen come from the user doing it themselves, like downloading and running untrusted programs, entering your password on a phishing site, etc.
- This is not necessary, given your host system is up to date.
Note that my answer to 2 is heavily oversimplified, but applies in this scenario of SSH to “OverTheWire”.
Thank you, even if its simplified, the browser example was really helpful. So in summary, having software up to date and being aware of what you do, should in most cases be safe. I was asking just in case there was some configuration i should do before connecting. With browsing i know that if i use something like firefox and ublock, i should be safe from most malware unless i screw up pretty bad. I will probably research ssh a bit more, as how it works, but you put some fears away. Thank you again.
The main oversimplification is where browsers “just visit websites”, SSH can be really powerful. You can send/receive files with
scp, or even port forward with the right flags onssh. If you stick tossh user@hostwithout extra flags, the only thing you’re telling SSH to do is set up a text connection where your keyboard input gets sent, and some text is received (usually command output, like from a shell).As long as you understand what you’re asking SSH to do, there’s little risk in connecting to a random server. If you
scpa private document from your computer to another server, you’ve willingly sent it. If youssh -Rto port forward, you’ve initiated that. The server cannot simply tell your client to do anything it wants, you have to do this yourself.I will keep it in mind, i will be mindful of commands and flags. No typing without being certain of what each command does.
OverTheWire is fun! If you decide to play and get stuck make sure to check out the discord for help.
Thanks for the tip!
Yes, it could expose you, if the remote side exploits your client. But that isn’t really any different from connecting to their website with your browser client.
Thanks for the reply, i will keep it mind.