Hi there, In my search to learn a bit more about Linux, i came across this website called “OverTheWire”, which teaches basic and some advanced concepts over SSH. It seems like a fun and engaging way to learn.
However, as a bit of a paranoid beginner when it comes to Linux and networking, i find myself worrying about the potential dangers of connecting to an untrusted network.
So, my questions are:
-
Does anyone have any experience with the website?
-
In the hypothetical case that I open an SSH connection to a compromised network, could that expose me to attacks? (Aside from obvious risks like downloading malicious files myself.)
-
Should I use a virtual machine (VM) for this?
I sincerely appreciate any responses. Thank you!
Thank you, even if its simplified, the browser example was really helpful. So in summary, having software up to date and being aware of what you do, should in most cases be safe. I was asking just in case there was some configuration i should do before connecting. With browsing i know that if i use something like firefox and ublock, i should be safe from most malware unless i screw up pretty bad. I will probably research ssh a bit more, as how it works, but you put some fears away. Thank you again.
The main oversimplification is where browsers “just visit websites”, SSH can be really powerful. You can send/receive files with
scp, or even port forward with the right flags onssh. If you stick tossh user@hostwithout extra flags, the only thing you’re telling SSH to do is set up a text connection where your keyboard input gets sent, and some text is received (usually command output, like from a shell).As long as you understand what you’re asking SSH to do, there’s little risk in connecting to a random server. If you
scpa private document from your computer to another server, you’ve willingly sent it. If youssh -Rto port forward, you’ve initiated that. The server cannot simply tell your client to do anything it wants, you have to do this yourself.I will keep it in mind, i will be mindful of commands and flags. No typing without being certain of what each command does.