March 20, 2009
ssh tunneling and socks proxy forwarding goodness
While I'm sometimes forced to use unprotected wi-fi hotspots when on travel, I do so without much trepidation. Most people complain about the complexities of using a VPN. Frankly, if you have remote access to a Unix or Linux box that is running an ssh server, you can essentially gain the same benefit that a VPN system can afford you.
A lesson on the many different ssh 'flags' would be beyond the scope here; however, you can tunnel most TCP/UDP based applications via SOCKS v5. I happen to run the privoxy web proxy and tor on my box at home.
So if I set up my localhost (in this case my Linux notebook) to accept a tunnel from my box running openssh, I can tunnel all http traffic through this makeshift tunnel.
Since the privoxy server listens on port 8118, I set up my tunnel as such:
ssh -NL 8118:localhost:8118 user@host (assumes ssh running on port 22 - not advised)
Below is the output from 'netstat -tuap | grep 8118'
tcp 0 0 localhost:8118 *:* LISTEN 13188/ssh
tcp 0 0 localhost:8118 localhost:47018 TIME_WAIT -
tcp 0 0 localhost:8118 localhost:47019 TIME_WAIT -
tcp6 0 0 ip6-localhost:8118 [::]:* LISTEN
So now I still have one more step to get the benefit of privoxy and tor on my notebook.
If you're running Firefox or any Mozilla browser (I'm not sure if IE understands SOCKS), you simply need to go to 'edit -> preferences -> network -> settings', select the radio button for manual proxy settings, and add localhost (127.0.0.1) and port 8118.
Now to tunnel TCP traffic via ssh: ssh -D 9999 user@host (again assumes sshd is running on port 22). The 'D' flag or switch tells ssh to tunnel SOCKS on port 9999.
You would then add this information to the manual proxy settings as we did in the previous step. You should now notice the same benefits as if you were running them on your local box. For people forced to run M$, fear not, you can also realize the same benefits by using the putty client. However, you will still need access to a box that is running openssh on the other end of the tunnel. I don't think that W2K3 server can run openssh natively. So you'll need a Linux box. Get with the program ;-)
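A check on the netstat output shown earlier, as an added example that is not part of the original post: on an unprotected hotspot the forwarded ports (8118 and 9999) should listen on loopback only, because a forward started with ssh's -g flag or the GatewayPorts option binds to every interface and lets anyone on the network use the tunnel. The function name and the second sample are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag ssh forward listeners that are not loopback-only.
# Feed it `netstat -tan` style output on stdin.
# Exit status: 0 = loopback only, 1 = reachable from the network, 2 = no listener.
check_forward_binding() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, part, ":")            # port is the last ":"-separated piece
      if (part[n] != port) next
      addr = substr($4, 1, length($4) - length(part[n]) - 1)
      found = 1
      if (addr ~ /^(127\.[0-9.]+|::1|localhost|ip6-localhost)$/) {
        print "ok      " $4
      } else {
        print "EXPOSED " $4
        bad = 1
      }
    }
    END { if (!found) exit 2; if (bad) exit 1; exit 0 }
  '
}

# Listener lines as shown in the post (ssh -NL 8118:localhost:8118).
sample_from_post() {
  cat <<'EOF'
tcp 0 0 localhost:8118 *:* LISTEN 13188/ssh
tcp 0 0 localhost:8118 localhost:47018 TIME_WAIT -
tcp6 0 0 ip6-localhost:8118 [::]:* LISTEN
EOF
}

# Constructed sample: what `netstat -tan` shows if the SOCKS forward was
# started with -g or GatewayPorts, so it binds to every interface.
sample_exposed() {
  cat <<'EOF'
tcp 0 0 0.0.0.0:9999 0.0.0.0:* LISTEN
tcp6 0 0 :::9999 :::* LISTEN
EOF
}

sample_from_post | check_forward_binding 8118
sample_exposed | check_forward_binding 9999 || echo "9999 is reachable from the network"
```

On a live system, pipe `netstat -tan` into the function; the -n flag keeps the addresses numeric.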
Posted by AG at March 20, 2009 10:48 AM