[kwork]

I have an SSH server on my mac at home and connect to it through my work PC. I know with SSH the data sent over the internet is encrypted but where does the encryption start? i.e. if I use a web browser that is tunneled through ssh, is the url and the home ip completely encrypted?

They block all of the streaming media here at work I am wondering if I streamed media through my ssh tunnel would they be able to block my home ip address and shut me down completely?

thanks,

[rwhiffen]

The SSH encrypts the entire packet payload. So they will have no visiblity into what the conversations inside the SSH tunnel are. Which doesn't mean they can't block your home IP, it just means they would have no idea what you were sending to and from your home IP other than encrypted data. Keep in mind this is considered circumventing security so if you have a clause in your HR policy about it, you can get fired for this.

Cheers,

Rich

[legacyb4]

While the data is encrypted, they'd notice a higher than normal flow of data going through the network (streaming versus simply an open SSH connection) and begin to wonder why that was.

Also, depending on what your terms are on your home connection, you'd start to crunch through bandwdith pretty quickly if you did this all the time.

[Tesseract]

The IP address of the machine you SSH into is not (and cannot be) encrypted, since routers must know where to send the encrypted data. Everything else, including the URL you are accessing and even the nature of the connection (Web, email, etc) is 'inside' the SSH tunnel and therefore encrypted.

Your browser will probably not perform DNS lookups through the tunnel, so 'they' could see what domain names you are performing DNS lookups on. If they notice that there are DNS lookups of blocked sites closely followed by bursts of SSH traffic, they might put two and two together. This would require a pretty observant network admin though.