Couple questions about SSH protocol

[Carlos1010]

Hi all,

So have a few questions here because I'm trying to

learn this ssl protocol and by my calculation it's the protocol that's helps you do Remote Desktop safely.

 

1. Do all Remote Desktop applications like team viewer use ssl? If not why not? I mean like it's super secure

 

2. When your doing ssl from the Linux, can do do it so that you can see the other computers screen because I've only seen people looking through their files and stuff. 

 

Thanks

[Electronics Wizardy]

ssl /= ssh.

 

1.It depends on the protocol. Things like vnc don't support it, but it can be put through a encrypted pipe

 

2. VNC for remote desktop, ssh for terminal.

[KuJoe]

The reason why not all communication (such as remote desktop) utilize SSL or encryption is because of performance. The encryption overhead is noticeable if you have a low end CPU or slow connection. In a lot of cases encryption isn't required if your within the same network so why waste the CPU cycles and bandwidth if you don't need it? I personally enable the maximum amount of encryption available for my RDP/xRDP sessions unless I'm accessing the server via VPN in which case that is more than enough encryption for my needs so no point doubling up the encryption.

[SCHISCHKA]

18 minutes ago, Carlos1010 said:

1. Do all Remote Desktop applications like team viewer use ssl? If not why not? I mean like it's super secure

 

you must have a loose definition of secure https://en.wikipedia.org/wiki/Transport_Layer_Security#Attacks_against_TLS.2FSSL

From the team viewer white paper retrieved from https://downloadus2.teamviewer.com/docs/en/TeamViewer-Security-Statement-en.pdf

 

Quote

Encryption and Authentication

TeamViewer Traffic is secured using RSA public/private key exchange and AES (256 bit) session encryption. This technology is used in a comparable form for https/SSL and is considered completely safe by today's standards. As the private key never leaves the client computer, this procedure ensures that interconnected computers - including the TeamViewer routing servers - cannot decipher the data stream.

Each TeamViewer client has already implemented the public key of the master cluster and can thus encrypt messages to the master cluster and check messages signed by it. The PKI (Public Key Infrastructure) effectively prevents "man-in-the-middle-attacks." Despite the encryption, the password is never sent directly, but only through a challenge-response procedure, and is only saved on the local computer.

During authentication, the password is never transferred directly because the Secure Remote Password (SRP) protocol is used. Only a password verifier is stored on the local computer. 

There are several reasons why they chose AES and we can only speculate because I do not work there and was not involved in that decision. I imagine its because there is hardware for AES, and compliance with USA encryption export law:

https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States#Current_status

16 minutes ago, Carlos1010 said:

When your doing ssl from the Linux, can do do it so that you can see the other computers screen because I've only seen people looking through their files and stuff. 

i think you're asking for VNC. google it. You might like to google what "ssh -X" does. Its what Xserver was designed for & i use it a lot.

 

I recommend you sign up to your local Llinux Users Group to learn more, if you have a local LUG