
using ssh tunnel as socks proxy

This post is copied verbatim from http://blog.agdunn.net/?p=107

If you have a laptop, you have surely been in a situation where you need a secure connection while on the move. This matters most when you are at a random hotspot and need to log into a non-secure site (authentication over HTTP) or do not trust the vendor providing the connection. If you have access to a server running SSH, you can use a great feature in OpenSSH to set up a SOCKS proxy and route all your traffic through it. This is very similar to using a VPN, but you can do it on the fly and don't need any special client software on your machine.

This is written specifically for Unix-based systems, with some parts even more specific to Gnome. If you are using Mac OS X, Linux or another Unix variant, you can set up the proxy with the same commands, but the way you tell your system to use the tunnel may vary. Under Windows there is a way to do all of the same things with PuTTY; my apologies for not covering that here. If you are a Windows user and can't find any good documentation, please let me know and I would be happy to write it up.

Tunnel through the tubes

The simplest way to achieve this is to open a terminal and log into the server as you typically would, adding the -D argument with a port number to your login:

ssh -D 8080 <user>@<host>

This makes your SSH client listen on local port 8080; anything that you route through that port will be tunneled securely to your SSH server. This is the very basic setup. I have a little script that I use to set up my tunnel, and it looks like this:

#!/bin/bash
ssh -p <host port> -fCND 127.0.0.1:8080 <user>@<host>

Quickly breaking this down:

-p <host port> : I run my SSH daemon on a non-default port so as to promote security through obscurity. If your server is listening on port 22, you can leave this option out.

-f : forces ssh to go to the background. I use this with key authentication and run my script with the sudo command.

-C : requests compression of all data (gzip), which can speed up your experience.

-N : does not execute a remote command. This is great because you are logged in but you can close the window and surf now.

-D 127.0.0.1:8080 : binds a listening socket to the given local address and port. This is the SOCKS proxy we will be routing through.

Tell Gnome (or another Desktop Environment) to use your Tunnel

You can tell all applications on your system to use this tunnel through Gnome’s network-proxy interface. It is located under System>Preferences>Network Proxy. You can set up the SOCKS proxy in the Network Proxy and apply the settings system wide:

Apply System-Wide and you're ready to go.

Firefox

Firefox will respect Network-Proxy's settings; however, there is one property you can change that will cause DNS requests to go over the SOCKS proxy as well, instead of to your local DNS server, which may be the router that you don't trust. Open Firefox and type “about:config” into the address bar to get all of the properties that you can change. Search for DNS and change this one:

network.proxy.socks_remote_dns

Initially it will be set to false, but double-clicking on it will set the value to true. Now you're good to go.
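What network.proxy.socks_remote_dns changes on the wire, shown as an added example that is not part of the original post: with remote DNS off, the client resolves the name itself and puts an IP address in the SOCKS5 CONNECT request; with it on, the hostname travels inside the tunnel and the SSH server resolves it. The function names, the hostname, the address and the stub resolver table are assumptions constructed for illustration; the request layout follows RFC 1928.

```python
import ipaddress
import struct

VER, CMD_CONNECT = 5, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4

def build_connect(dest, port):
    """SOCKS5 CONNECT request: VER CMD RSV ATYP DST.ADDR DST.PORT (RFC 1928)."""
    try:
        ip = ipaddress.ip_address(dest)
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    except ValueError:
        # Not an IP literal: send the name itself, prefixed by its length.
        name = dest.encode("ascii")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes") from None
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0]) + addr + struct.pack("!H", port)

def client_request(host, port, remote_dns, local_dns):
    """Hypothetical client: returns (request_bytes, names_sent_to_local_dns)."""
    if remote_dns:
        return build_connect(host, port), []
    # Local lookup first: the untrusted network's resolver sees the name.
    return build_connect(local_dns[host], port), [host]

def who_resolves(request):
    """Classify a captured request: returns (resolver, destination, port)."""
    ver, cmd, _rsv, atyp = request[:4]
    if ver != VER or cmd != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    if atyp == ATYP_DOMAIN:
        end = 5 + request[4]
        dest, resolver = request[5:end].decode("ascii"), "ssh server"
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        end = 4 + (4 if atyp == ATYP_IPV4 else 16)
        dest, resolver = str(ipaddress.ip_address(request[4:end])), "client"
    else:
        raise ValueError("unknown address type")
    if len(request) != end + 2:
        raise ValueError("truncated or oversized request")
    return resolver, dest, struct.unpack("!H", request[end:])[0]

# Constructed sample data: documentation hostname and TEST-NET-1 address.
HOTSPOT_DNS = {"mail.example.org": "192.0.2.10"}

if __name__ == "__main__":
    for remote in (False, True):
        req, leaked = client_request("mail.example.org", 443, remote, HOTSPOT_DNS)
        print(remote, req.hex(), who_resolves(req), "leaked:", leaked)
```

A request whose address type is 0x03 (domain name) means the lookup happens on the far side of the tunnel; 0x01 or 0x04 means the name was already resolved before the proxy saw it.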


  1. 20 December 2010 at 11:44 am

    nice posting, just a new information for me

    reply:
    ok, nice to meet you.

  2. umek1
    2 November 2011 at 11:34 pm

    Wow, cool, I closed the tab but the tunnel keeps running… *_*
    How come the tab can be closed? Is it the effect of “ssh -f” that the tab is closed but the tunnel is still running?

  3. 9 November 2011 at 3:37 am

    how to use ssh tunnel for apt-get ~_~

  4. 13 November 2011 at 10:17 am

    @toni: read this post of mine.
    With the help of the tsocks program you can do anything using the existing tunnel. Once tsocks is configured correctly, you just type:
    tsocks apt-get blablabla
