May 5, 2006

Creating an SSH tunnel to the internet.

Ever been at a client with Orwellian access restrictions on the internet?

Why not use what they do provide you (an HTTP proxy that will CONNECT to port 443) to the max, without cracking their security. This does bypass their egress filtering, so make sure your engagement terms allow it.

What you will need:

1. Access/login to a Linux machine with sshd listening on port 443 (or 80). 443 is the better choice: most corporate proxies only allow CONNECT to 443, and the resulting traffic looks like ordinary HTTPS.

(See UnixShell - They're grrreat!)

2. The proxytunnel client program. It speaks HTTP CONNECT to the proxy and hands the resulting TCP stream to ssh.


Creating the tunnel:

Firstly you will need to create a TCP/IP tunnel through the client's HTTP proxy server. For my example I'm running OS X (on my shiny MacBook Pro).

To do this, add the following two lines to your ~/.ssh/config file:


Host shell.my-host.com
ProxyCommand /Users/teuton/bin/proxytunnel -N -p "local-proxy:8080" -u "proxy-user" -s "proxy-pass" -d "shell.my-host.com:443"


Great! We are all set! You may need to tweak these settings depending on your local proxy server type and configuration. In the line above -p is the proxy, -u and -s are the proxy credentials, -d is the destination proxytunnel asks the proxy to CONNECT to, and -N tells proxytunnel to use NTLM authentication against the proxy (drop it for a Basic-auth proxy). Note that -s puts the proxy password on the command line, where any local user can read it from the process list; newer proxytunnel releases can read the credentials from a file instead (see its man page), and in any case keep ~/.ssh/config mode 600.

Now the easy part.

Creating the proxy:

To ssh into your machine simply type:

> ssh teuton@shell.my-host.com

To make things easier it is advised that you create an ssh public/private key pair and set it up (see the ssh-keygen command; give the key a passphrase, and check that ~/.ssh is mode 700 and the private key mode 600, otherwise ssh will refuse to use it).

Now create a proxy to services you require.

The following will create a SOCKS (4 and 5) proxy for you on local port 8080, listening on localhost only:

> ssh -N -D 8080 teuton@shell.my-host.com

This will create a tunnel to your remote POP port: (local port 2110)

> ssh -N -L 2110:127.0.0.1:110 teuton@shell.my-host.com

This will create a tunnel to the jabber port of a third-party host (the connection to that host is made from shell.my-host.com, not from the client's network):

> ssh -N -L 6222:jabber.third-party.com:5222 teuton@shell.my-host.com


Now all you need to do is create a script file that keeps the tunnel up and reconnects when it drops:


~/bin$ cat t
#!/bin/sh
# ssh -N returns when the connection drops, so loop and reconnect.
while true
do
    # ServerAliveInterval/CountMax make a silently dead connection fail within
    # about 90 seconds instead of hanging forever.
    ssh -N -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L 2143:127.0.0.1:143 -D 8080 teuton@shell.my-host.com
    sleep 1
done


And you are set.

Lastly, to configure your applications, just add a SOCKS server entry pointing at localhost port 8080 (no other HTTP/HTTPS proxy entries should be added, or those requests will go straight to the client's proxy). Where the application offers it, enable remote DNS resolution over SOCKS5 as well (Firefox's network.proxy.socks_remote_dns, for example); otherwise name lookups still go to the client's resolvers and reveal where you are connecting. Some applications still cannot use SOCKS at all. For these you need a direct -L tunnel to the specific port, as in the POP and jabber examples above.
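A fuller version of the keep-alive script, added here as an example and not part of the original post: it refuses to start if the key permissions are wrong (ssh would otherwise ignore the key and fall back to asking for a password), backs off exponentially instead of hitting the proxy every second when the CONNECT keeps failing, and resets the delay once a session has stayed up. The user, host, ports and forwards are the same assumed values as in the examples above; the ProxyCommand in ~/.ssh/config is still what gets the connection through the proxy.

```shell
#!/bin/sh
# tunnel.sh - supervise the ssh tunnel through the client's HTTP proxy.
# Added example, not the original post's script. REMOTE, the ports and the
# forwards are assumptions carried over from the examples above; the
# ProxyCommand in ~/.ssh/config does the actual work of crossing the proxy.

REMOTE="teuton@shell.my-host.com"
SOCKS_PORT=8080
# local:remotehost:remoteport forwards, space separated
FORWARDS="2143:127.0.0.1:143 2110:127.0.0.1:110 6222:jabber.third-party.com:5222"
MAX_DELAY=60

# ssh ignores a private key that others can read and silently falls back to
# password authentication, so check ~/.ssh (0700) and the keys (0600) first.
# find -perm with an exact mode behaves the same on GNU and BSD find.
ssh_perms_ok() {
    dir=$1
    [ -n "$(find "$dir" -prune -perm 0700)" ] || return 1
    for k in "$dir"/id_*; do
        [ -f "$k" ] || continue
        case "$k" in *.pub) continue ;; esac
        [ -n "$(find "$k" -prune -perm 0600)" ] || return 1
    done
    return 0
}

# Turn FORWARDS into the -L arguments for ssh.
forward_args() {
    for f in $FORWARDS; do printf ' -L %s' "$f"; done
}

# Exponential backoff between reconnect attempts, capped at MAX_DELAY seconds,
# so a proxy that rejects the CONNECT is not hammered once a second.
next_delay() {
    d=$(( $1 * 2 ))
    [ "$d" -gt "$MAX_DELAY" ] && d=$MAX_DELAY
    echo "$d"
}

main() {
    ssh_perms_ok "$HOME/.ssh" || {
        echo "fix permissions on ~/.ssh (700) and private keys (600) first" >&2
        exit 1
    }
    delay=1
    while :; do
        start=$(date +%s)
        # ServerAliveInterval/CountMax make a dead connection fail in ~90s instead
        # of hanging; ExitOnForwardFailure makes ssh quit (and the loop retry)
        # when a local forward port is already taken. forward_args is meant to be
        # word-split here.
        ssh -N -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
            -o ExitOnForwardFailure=yes \
            -D "127.0.0.1:$SOCKS_PORT" $(forward_args) "$REMOTE"
        # A session that lived for a while was working: reset the delay.
        # Otherwise back off.
        if [ $(( $(date +%s) - start )) -ge "$MAX_DELAY" ]; then
            delay=1
        else
            delay=$(next_delay "$delay")
        fi
        echo "tunnel down, reconnecting in ${delay}s" >&2
        sleep "$delay"
    done
}

# Only start the loop when asked, so the functions can be sourced and tested.
if [ "${TUNNEL_RUN:-0}" = 1 ]; then
    main "$@"
fi
```

Run it as `TUNNEL_RUN=1 ~/bin/tunnel.sh`. If it loops without ever staying up, run `ssh -v teuton@shell.my-host.com` once by hand: the proxytunnel output shows the proxy's reply to the CONNECT, and anything other than a 200 (typically 403 or 407) means the proxy settings or credentials in ~/.ssh/config are wrong, not the script.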