Proxy over SSH
From Rabbi Blog
History
Basing this post on the previous VNC over SSH article, I was thinking of a way to be slightly more secure while using Wireless Hot Spots (Internet Cafes for example), where someone with sniffing programs could be lifting your username, passwords and email that you read right from the wireless connection.
Ingredients
- A proxy server running in your 'home' network
- SSH server running on the same box (or on your home network for advanced users)
- An open port in your firewall pointing to the SSH server (changing your SSH port is recommended for security)
- Putty on your laptop (or remote PC)
Prerequisites
- Setup your proxy server and record the port that it runs on. I'm using Squid proxy (port 3128)
Remote Laptop Steps
- Open putty and connect to your home network SSH server
- Add the tunnel for the proxy server (3128 for squid)
- See the previously mentioned article on this
- Open IE or Firefox (or whatever)
- Add the following LAN Proxy settings: 127.0.0.1:3128
Enjoy surfing via your secure SSH tunnel!
Verify
To verify this is working, do the following:
- Browse to www.whatismyip.com and note the IP
- Perform the Remote Laptop Steps
- Browse to www.whatismyip.com and note the IP
You should notice a DIFFERENT IP and you should recognize it as your home network's external IP.
Further applications
- Reroute your email client through the tunnel
No Need For A Squid
From one of my gaming friends (Thanks Nightwalker):
OpenSSH has native support for Socks4/5 built-in, so there is no need to run a squid server. Simply create a dynamic tunnel on localhost, port 1234 etc, and then use that port information for your socks5 server in Firefox / IE etc. I do the same thing on my Linux home box using a package called 'autossh' which maintains the connection for me. In Putty, radio 'Dynamic, IPV4' Source Port: 8081 Destination: 127.0.0.1 Will show up as '4D8081'. Now in your favorite browser use localhost:8081 And you can connect via your tunnel using socks directly. No Squid required. The only 'leakage' using this method is DNS. While using a squid proxy, the DNS would be visible. I mainly use this method when I am traveling using a public wifi connection.