May 5, 2006

Creating a SSH tunnel to the internet.

Ever been at a client with Orwellian access restrictions on the internet?

Why not use what they provide you to the max without cracking their security.

What you will need:

1. Access/login to a linux machine with ssh running on port 80 (or 443)

(See UnixShell - They're grrreat!)

2. The proxytunnel client program.

Creating the tunnel:

Firstly you will need to create a TCPIP tunnel through your proxy server. For my example I'm running OS X (on my shiny MacBook Pro).

To do this, add the following (2 lines) to your ~/.ssh/config file:

ProxyCommand /Users/teuton/bin/proxytunnel -N -p "local-proxy:8080" -u "proxy-user" -s "proxy-pass" -d ""

Great! We are all set! You may need to tweak these settings depending on your local proxy server type and configuration (NTML auth etc)

Now the easy part.

Creating the proxy:

To ssh into your machine simply type:

> ssh

To make things easier it is advised that you create ssh public and private key pairs and set these up... (see ssh-keygen command, and always check access rights are correct!)

Now create a proxy to services you require.

The following will create a SOCKS5 proxy for you:

> ssh -N -D 8080

This will create a tunnel to your remote POP port: (local port 2110)

> ssh -N -L 2110:

This will create a tunnel to a jabber port at a 3rd party host

> ssh -N -L

How all you need to do is create a script file:

~/bin$ cat t
while true
ssh -N -L 2143: -D 8080
sleep 1

And you are set:

Lastly to configure your applications, just add a SOCKS server entry (no other HTTP/S entries should be added). Some applications may still not work. For these you may need to create custom direct proxies to specified ports.
Post a Comment