
Creating an SSH tunnel to the internet.

Ever been at a client with Orwellian access restrictions on the internet?

Why not use what they provide you to the max without cracking their security?

What you will need:

1. Access/login to a Linux machine with ssh running on port 80 (or 443)

(See UnixShell - They're grrreat!)

2. The proxytunnel client program.


Creating the tunnel:

Firstly you will need to create a TCP/IP tunnel through your proxy server. For my example I'm running OS X (on my shiny MacBook Pro).

To do this, add the following (2 lines) to your ~/.ssh/config file:


Host shell.my-host.com
ProxyCommand /Users/teuton/bin/proxytunnel -N -p "local-proxy:8080" -u "proxy-user" -s "proxy-pass" -d "shell.my-host.com:443"


Great! We are all set! You may need to tweak these settings depending on your local proxy server type and configuration (NTLM auth etc).

Now the easy part.

Creating the proxy:

To ssh into your machine simply type:

> ssh teuton@shell.my-host.com

To make things easier it is advised that you create ssh public and private key pairs and set these up... (see ssh-keygen command, and always check access rights are correct!)
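The access-rights check mentioned above, as an added example that is not part of the original post: a POSIX shell function that flags a ~/.ssh directory, config file (which, with the ProxyCommand shown earlier, holds the proxy password in plain text) or private key that group or others can access. The function names and the `FAIL` output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit permissions under an SSH client directory.

# Print a path's permission bits in octal (GNU stat first, then BSD/macOS stat).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Succeeds when group or other hold any permission bit on the path.
too_open() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 077 )) -ne 0 ]
}

# Audit DIR (default ~/.ssh). Prints one line per finding and
# returns the number of findings as the exit status.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    findings=0
    if too_open "$dir"; then
        echo "FAIL $dir: mode $(mode_of "$dir"), want 700"
        findings=$((findings + 1))
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $(basename "$f") in
            config) why="may hold a proxy password in ProxyCommand" ;;
            *.pub|known_hosts*|authorized_keys) continue ;;
            *)  # any other file that carries a private key header
                grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" 2>/dev/null || continue
                why="private key" ;;
        esac
        if too_open "$f"; then
            echo "FAIL $f: mode $(mode_of "$f"), want 600 ($why)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Run against a directory given on the command line, e.g. sh audit.sh ~/.ssh
if [ -n "${1:-}" ]; then
    audit_ssh_dir "$1"
fi
```

Fix each finding with `chmod 700` on the directory or `chmod 600` on the file, then rerun until the exit status is 0.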

Now create a proxy to services you require.

The following will create a SOCKS5 proxy for you:

> ssh -N -D 8080 teuton@shell.my-host.com

This will create a tunnel to your remote POP port (local port 2110):

> ssh -N -L 2110:127.0.0.1:110 teuton@shell.my-host.com

This will create a tunnel to a jabber port at a 3rd party host:

> ssh -N -L 6222:jabber.third-party.com:5222 teuton@shell.my-host.com


Now all you need to do is create a script file:


~/bin$ cat t
#!/bin/sh
# Restart the tunnel (IMAP forward on 2143 plus SOCKS proxy on 8080) whenever ssh exits
while true
do
    ssh -N -L 2143:127.0.0.1:143 -D 8080 teuton@shell.my-host.com
    sleep 1
done


And you are set.

Lastly to configure your applications, just add a SOCKS server entry (no other HTTP/S entries should be added). Some applications may still not work. For these you may need to create custom direct proxies to specified ports.

Comments

Anonymous said…
Some more tips for Windows users:

Have a look at Putty for tunneling (This is for creating a proxy really and does not really tunnel through a firewall/proxy server)

For a better solution, download and install cygwin. (I preferred proper ssh over putty when I was still mired in Windows.)

Anonymous said…
Oh, and for OS X users there is also something called SSH Tunnel Manager
