Home > Productivity, Uncategorized > 3 Things You Didn’t Know About SSH – Part 1

3 Things You Didn’t Know About SSH – Part 1

August 15th, 2008 Tim Haughton Leave a comment Go to comments

In mine, the humblest of opinions. SSH
is one of the most underused tools in the web worker’s arsenal. I’m
going to show you 3 little known techniques for using secure tunnels to
not only increase security and privacy, but also to circumvent
roadblocks to network access.

We’re going to need 2 things. A server running OpenSSH, and an SSH client. I have an Ubuntu server under my stairs, and I have full shell access at my shared server at DreamHost,
so I have 2 options, depending on what I’m doing. We also need a
client. If you’re running Windows, you will need to grab Putty. If
you’re on Linux, you’re already set. I don’t use Macs, but I’d be
surprised if they didn’t also ship with an SSH client.

Tunnelling Your Web Traffic
Maybe
you’re in Starbucks using an unsecured wifi hotspot. Maybe you’re
behind a fascist corporate proxy. Maybe the NSA is watching you.
Whatever the reason, tunnelling your web traffic with SSH is trivial.

You
see, every SSH client has the capacity to turn itself into a SOCKS5
proxy. Nifty eh? What does that mean? Well, if we launch the client
like this:

putty -D 8000 username@myserver.com

You’ll be
prompted for your password, just log in as normal. It just looks like
you’re into your shell. Something else has happened though – your
client has set up a SOCKS5 proxy accepting connections on 127.0.0.1
port 8000. Any applications set up to use this proxy will send their
traffic through the SSH tunnel, and out the other side at the server end. Let’s try it.

Go to www.whatismyip.com. This is your IP address. Now go to wherever in your browser you set up a proxy, and enter 127.0.0.1:8000 under the SOCKS proxy entry. Here’s an example of doing it in Firefox:

Ffproxy

Now reload the page at www.whatismyip.com. The IP address it reports
should have changed to the IP address of the SSH server. Your traffic
is now tunnelled.

Is that it? Probably. The only limitation of this is that DNS traffic is not tunnelled. This is what is usually termed DNS leakage.

But Firefox, bless its cotton socks, has a trick up its sleeve. If
you type this in your Firefox address bar, and click past the amusing
warnings:

about:config

You’re into the Firefox configuration area. You could really bust stuff in here so pay attention :)

Scroll down until you see this:

network.proxy.socks_remote_dns

Change the value to true. And that’s it. Firefox is now kindly
tunnelling your DNS traffic through your tunnel, and you’re super
secure. Even a rogue hotspot with poisoned DNS can’t hurt you know. Cue
evil laughter.

Next time I’ll show you how to turn SSH into a poor man’s VPN, but without the hassle of setting up a VPN server.

Related articles by Zemanta
Reblog this post [with Zemanta]
  • Share/Bookmark
Categories: Productivity, Uncategorized Tags:
  1. No comments yet.
  1. No trackbacks yet.