Total Pageviews

Tuesday 15 September 2015

SSH Tunnel Proxy

Are you sick of firewalls blocking your internet connection? Do you want to surf privately through an SSH Tunnel? Well read on.
I got fed up with the Great Firewall and so many people are asking me about how to get access to facebook, so I made this howto.

Guide to Setting Up a Secure SSH Tunnel

Linux/Unix Generic

Easy

  • Open a terminal
  • Use your webhosting account, or external server that has SSH (secure shell) capability. You need to have a username, password and hostname for your account for the following steps.
Here is a quick example:
ssh -D 1080 username@hostname.com
Here is the variant I use which adds compression, and not logging into your server (aka, only forwarding ports). The command also prints out information about what is connecting. I love to see the output that shows all this working which the -vv option provides:
ssh -vv -CND 1080 username@hostname.com
  • Then enter your password when prompted.
  • Install Mozilla Firefox on your system.
  • Install the add-on, FoxyProxy.
  • Follow the instructions for setting up FoxyProxy here: one or with pictures, but blocked by the GFW. The crucial step is to add the hostname as ‘’‘localhost‘’‘ and the port as ‘’‘1080‘’‘ in the Manual Proxy Configuration. Also, make sure to select SOCKS 5 proxy. I also add to foxyproxy’s global settings to “Use SOCKS proxy for DNS looksups.” The GFW is notorious for poisoning DNS lookups (aka, your looking for domain names that match IP numbers). Egad! Oh, make sure to name your proxy something like localhost SLST or localhost SSH + Socks Tunnel.
  • To route all your web browsing traffic to your SLST, then you can select the mode in foxyproxy to use your proxy for all urls.
  • More advanced is to “Use proxies based on their pre-defined patterns and priorities”. Here is an example of the lines needed for facebook, youtube, and twitter. For each URL Pattern, make sure the pattern is enabled, name it what you want, then add the below pattern after the colon to the “:URL pattern:” field. Make sure the Whitelist and Wildcards radio buttons are selected.
 URL Pattern: *.youtube.com/*

 URL Pattern: *.facebook.com/*

 URL Pattern: *.twitter.com/*
  • Add more patterns to sites you find blocked. Its pretty simple to copy the handiwork above for any other sites you find blocked.
  • If this doesn’t work, file some comments here or on the my wiki page. This isn’t a super simple setup for some and I might have made mistakes in my brain dump. The key pieces will fail if you don’t have SSH access, or if you don’t setup your foxyproxy correctly.

Advanced

The setup I run involves the above easy setup, but I used the following autossh-based script I titled, local_ssh_tunnel. I used autossh because it keeps the ssh connection alive through closing/suspending my laptop, dodgy wireless reception and other general bugs that harm one’s net connection.
  • In Ubuntu (or other distro), install autossh through synaptic or your favorite package manager. In Gentoo, emerge autossh should do the trick.
  • Open a file such as /home/USERNAME/bin/local_ssh_tunnel
#!/bin/bash

#
# local_ssh_tunnel
#
# use proxy to connect to localhost no port 1080
#

SERVER=USERNAME@HOSTNAME

# 1080 is standard port
PORT=1080

if [ "$1" != "" ]
then :
    SERVER="$1"
fi

AUTOSSH_GATETIME=0 AUTOSSH_PORT=20000 AUTOSSH_DEBUG=1 \
autossh -v -CND 1080 $SERVER
  • Save the script.
  • Run the following command:
chmod 700 /home/USERNAME/bin/local_ssh_tunnel
  • I then set the above script to run as a startup application inside of gnome in a terminal. In Ubuntu you can set this by doing the following steps.
  • Navigating to upper left-corner Application Icon > System > Preferences > Startup Applications
  • Clicking Add
  • Then filling out the fields:
Name: BACKGROUND SLST (Second Line SSH/Socks Tunnel)
Command: xterm -e /home/USERNAME/bin/local_ssh_tunnel
Comment: Runs SLST in the background in terminal window
  • Click Save
  • Close the startup
  • If you want this immediately, you can run /home/rejon/bin/local_ssh_tunnel inside of a terminal window.
  • Now, you can just leave the above open in the window and AUTOSSH will make sure to keep your ssh connection alive.
  • Then start on step 4 above in the <a href=”#slst_unix”>Linux/Unix Generic section</a>.

Windows

There is already a great guide for setting this all up in windows. I used it yesterday. Just remember to replace the HOSTNAME with your host and to use the port of your choosing. I use 1080 because its the standard port for this operation and generally not restricted for this activity on most systems.
Here is another guide, which is even better, but has pictures. I will merge my steps with this guide now:
  • Follow steps at for graphically setting up SLST until the setting up Firefox section, making sure to replace HOSTNAME, USERNAME and the port for the one of your choice.
  • Then start on step 4 above in the Linux/Unix Generic easy section for setting up Firefox with the correct settings.
ASIDE: Here is also another guide, which is helpful explaining the basic concepts in one page, but blocked by the GFW.

Mac OS X

Easy

Since Mac OS X is a Unix-based variant you can do the easy steps above. The crucial difference is that many don’t know where one might find Mac’s terminal in step 1.
  • Navigate to a finder window
  • Then navigate to the Utilities folder
  • Double-click the terminal to be able to enter commands
  • Continue with step 2 in the easy steps above

Advanced

Setup a SLST setup not on the command line, but using the SSH Tunnel Manager graphical application. I cannot find a graphical guide to doing this. One of the great things about using AUTOSSH in the Linux/Unix/Generic advanced guide is that it keeps the connection alive through suspend, or internet outtages. There should be an option to keep-alive the connection in the SSH Tunnel Manager.

Article Attribution

This HowTo article originally appeared at rejon.org/wiki/IDEA_20090715_Second_Line_SSH_Tunnel and is republished here in modified form under a Creative Commons Attribution 3.0 License
Links:
Access Facebook Through The Great Firewall (Second Line SSH Tunnel)
SSH Tunnel + SOCKS Proxy Forwarding = Secure Browsing
Encrypt your web browsing session (with an SSH SOCKS proxy)
How-To: SSH tunnels for secure network access
Tunneling Firefox traffic over SSH
Configuring SSH Tunnel Manager for OSX and Socks Plus
RELATED ARTICLES:
OpenVPN setup HowTo: allow an external laptop to connect to your home network
tsocks gets past the firewall
Who knew you could create your own free web proxy server with Google AppEngine?
Proxy preventing lost internet connection?
How to make Iceweasel identify itself as Firefox using the User agent switcher extension
Bypass almost any firewall with an SSH tunnel on port 443
Configure SSH tunneling with Ubuntu and surf Privately
原文:http://www.netdip.com/ssh-tunnel-proxy-how-to-set-it-up-with-linux-windows-or-mac-i4/

related post: