Total Pageviews

Thursday, 30 July 2015

Setting up an SSH Proxy Server with Putty and Spoon Proxy





We have examined the setup and configuration of Hamachi + Privoxy Proxy Servers. In this article we will examine the setup and configuration of an SSH Proxy Server using Putty and Spoon Proxy.

The following pre-requisites will make things a lot easier:
  • Know your home machine’s external IP address. For this, you’ll need either a static IP address from your ISP *or* have a dynamic DNS client installed. For testing purposes, you can view it via http://www.whatismyip.com.
  • Give your home workstation a static IP address on your home network. Open up a command prompt and type ‘ipconfig /all’ and note the current IP address, gateway, and DNS servers. Assign your computer a static IP address that is 50 more than its current dynamic IP (that’s a safe bet since most home networks would never have >50 devices connected to it, even if the broadband router has a DHCP scope larger than that). Use the existing gateway & DNS servers.
Doing this involves four steps:
  • Installing an SSH server on your home machine. SSH is an encrypted version of telnet which also allows a function called port forwarding. It’s this port forwarding that allows you to redirect your network traffic through this proxy. SSH will also function as your authentication mechanism, keeping random people from being able to use your machine as a proxy.
  • Installing a HTTP/Socks-5 proxy server on your home machine.
  • Opening up the SSH port on your home firewall AND in WindowsXP’s firewall (if it exists).
  • Installing an SSH client with the appropriate port forwarding settings on your client machine (work machine, laptop, etc).
  • Configuring each application to talk through the proxy

Step 1: Installing an SSH server on your home machine

  • Download and install the SSHWindows installer from Sourceforge: http://sourceforge.net/project/showfiles.php?group_id=103886&package_id=111688, accepting all defaults.
  • Open up a command prompt (start > run > cmd) and type the following:
    cd\program files\openssh mkgroup -l >> etc\group mkpasswd -l -u %username% >> etc\passwd net start opensshd That will create a local ssh user group and give the current logged in user the ability to log in (the password will be the same as your windows login password – if it’s blank, change it to something harder!). It will then start the ssh server service.

Step 2: Installing SpoonProxy, a Windows proxy server

Step 3: Opening up ports in Windows firewall & your broadband router
  • If windows XP firewall is enabled, you need to open up the incoming SSH port. To do this, right-click on My Network Places and choose Properties. Now right-click on your primary network card and choose properties. Go to the Advanced tab and click on Settings under windows firewall. Click on the Exceptions tab and then ‘Add Port’. Name: ssh Port number: 22 (TCP). Click OK
  • Now you must open up the port on your broadband router. To do this, most broadband routers have a web interface. I can’t walk you through this because it’s slightly different on every system. You want to tunnel external port 22 to the (internal) IP address of your home computer port 22.

Step 4: Installing puTTy, a Windows SSH client on your work computer or laptop
  • Download puTTy: http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe.
  • puTTy is a free SSH client that is a single executable; there is nothing to install. Save puTTy.exe to your desktop.
  • Double-click on puTTy. First, scroll down the left column under Connections > SSH > Tunnels. From here, you need to add three ports to be forwarded. For Source Port, enter 80. For destination, type localhost:8080 then click on add
    Do the same for what you see below: 443, localhost:8081 & 1080, localhost:1080. This forwards http, https, and socks-5.


  • Now, go up to the top and click on Session. Under “host name or IP address”, enter your home computer’s external IP address or dynamic DNS name. Under ‘saved sessions’, type in “SSH home” and click on Save. This will save these connection settings for everytime you want to connect to your home machine.


To connect, click on Open. You should be asked to accept the SSH certificate (choose ‘Accept & Save’). Login using your home windows computer’s login and password. You should then see a command prompt. You are now connected and set up to tunnel traffic – you can now minimize (don’t close) puTTy. This session must remain open to proxy your web traffic.

Step 5: Configuring applications to go through the tunnel
  • Firefox: I recommend configuring one browser (such as firefox) to always go through the proxy, leaving your other browser to browse your corporate intranet (or access sites that you do not wish to proxy). Alternatively, you can simply tell firefox for which URLs to not use the proxy. In Firefox, go to Tools > Options > General > Connection Settings. Set up the HTTP and SSL connections as seen here:

You should now be browsing through your home machine. Remember, the speed will be limited to your home machine’s upstream connection (since your home machine is essentially downloading the web page then re-uploading it to you). If you wish to test that it’s working, go to www.whatismyipaddress.com the IP address and location should match your home router’s.
AIM and Yahoo both support SOCKS5 proxying. Simply go into the connection settings and enable socks5 proxying… server = localhost port = 1080 (default).

from http://www.pccured.com/blog/how-to-setup-ssh-proxy/