Day 9 - How to SSH tunnel!
Posted by Sundance, 20 February 2014 · 12644 views
cli ssh tunnel tunneling security tutorial
How to SSH Tunnel!
After reading many various posts on SSH tunneling I failed to find a decent one that really explained how to do it without giving you a wall of text to read, so I have decided to write a little tutorial!
What is an SSH Tunnel?
An SSH Tunnel is a way to send unencrypted information over an encrypted network, it is an excellent method for security and browsing the internet without restrictions that may be placed by your router for an example in the UK ISP providers forbid access to various torrent sites, using an SSH Tunnel you can circumvent this whilst also managing to keep your browsing information hidden from your ISP, however this should not be a method used to access illegal content, rather a way to stay anonymous on the internet, because privacy is important!
By following this tutorial you accept that I hold no responsibility to anything you do whilst SSH Tunneling, SSH Tunneling is not illegal and should only be used for your own privacy.
A server (either remote or local is fine, this tutorial is for learning purposes however a remote server is better for seeing the magic happen)
A browser of your choice (For this tutorial I will be using Firefox/Iceweasel)
Either a terminal that supports the SSH command OR PuTTy
PuTTy can be found here
Step one - Start your terminal / PuTTy Client
Open up PuTTy OR your Terminal
Step Two - Configure the ports!
For PuTTy enter in your servers IP and port (by default the SSH Port is 22)
Then under the "connection" option on the left of PuTTy, click the right facing arrow that is next to "SSH"
Select "Tunnels" and you will be presented with the following screen
In source port input a port of your choice for me it is 9090, then select "Dynamic" from the radio buttons and click "Add" to the right of "Source Port"
You will then see your PuTTy window looks something like this
For the Terminal use the following example replacing user with your servers main username (normally it will be root unless you have specified a different username) and then replace ip with your server's IP and then type -D and replace the XXXX with the port you would like to tunnel out of.
Here's an example of the terminal code and what it would look like for me
ssh email@example.com -D9090Then for PuTTy just press "Open" on the bottom right and enter in your password when prompted and move on to the next step!
For terminal just press enter and enter your password when prompted, once logged in move on to the next step!
Step Three - Configure your browser!
Open up your browser (For me it is Iceweasel but Firefox has an identical GUI.) and open up prefrences and navigate to Advanced > Network > Settings
You will see this menu
Select "Manual Proxy Configuration" from the radio buttons and inside "SOCKS HOST" enter in 127.0.0.1 and then in the box directly to the right enter in the port you designated earlier, for me it is 9090 you do NOT have to include the -D part if you are using a terminal / seen the -D pop up in PuTTy
Then press "OK".
After this is done, exit the "preferences" menu and try connecting to a site, to test it has worked type into google "What is my IP?" it should tell you the IP of your server you have SSH'd into.
If all is okay and you can see your servers IP then you are done!
Congratulations you have just done your first SSH Tunnel!
- You MUST leave your PuTTy window / Terminal open at all times, otherwise you will not be SSH Tunneled OR your browser will throw an error such as "The proxy server is refusing connections"
- This will only work for programs / applications you have changed the SOCKS proxy configuration to match.
If you have any questions feel free to PM me OR tweet me here!