Proxy over SSH

From Mike Beane's Blog

Revision as of 14:44, 31 December 2007 by Rabbi Bob (talk | contribs)

History

Building on the previous VNC over SSH article, I was thinking of a way to be slightly more secure while using wireless hot spots (Internet cafes, for example), where someone with a sniffing program could be lifting your usernames, passwords and the email you read right from the wireless connection.

Ingredients

  • A proxy server running in your 'home' network
  • SSH server running on the same box (or on your home network for advanced users)
  • An open port in your firewall pointing to the SSH server (changing your SSH port is recommended for security)
  • PuTTY on your laptop (or remote PC)

Prerequisites

  • Set up your proxy server and record the port that it runs on. I'm using the Squid proxy (port 3128)

Remote Laptop Steps

  • Open PuTTY and connect to your home network SSH server
  • Add the tunnel for the proxy server (3128 for Squid)
    • See the previously mentioned article on this
  • Open IE or Firefox (or whatever)
    • Add the following LAN Proxy settings: 127.0.0.1:3128

Enjoy surfing via your secure SSH tunnel!

Verify

To verify this is working, do the following:

You should notice a DIFFERENT IP and you should recognize it as your home network's external IP.

Further applications

  • Reroute your email client through the tunnel

No Need For A Squid

From one of my gaming friends (Thanks Nightwalker):

OpenSSH has native support for Socks4/5 built-in, so there is no need to run a squid server.

Simply create a dynamic tunnel on localhost, port 1234 etc., and then use that port information for your socks5 server in Firefox / IE etc.

I do the same thing on my Linux home box using a package called 'autossh' which maintains the connection for me.

In PuTTY, radio 'Dynamic, IPv4'
Source Port: 8081
Destination: 127.0.0.1

Will show up as '4D8081'.

Now in your favorite browser use localhost:8081

And you can connect via your tunnel using socks directly. No Squid required.

The only 'leakage' using this method is DNS. While using a squid proxy, the DNS wouldn't be visible.

I mainly use this method when I am traveling using a public wifi connection.

Related Articles

VNC over SSH