segunda-feira, novembro 21, 2011

Using a SSH connection as a proxy (SSH Tunneling)



For many people it is necessary to go the University to access many websites to download papers or journals. What many of those people don't know, is that is possible to create a socket (Windows/Linux) with a SSH (Secure Shell) server and then connect to the University server direct from your computer, using that SSH connection as a proxy server to your web browser (IE, Firefox, Chrome, Opera, etc). For that, you need:
*One client ssh (you can use Putty on Windows, for instance)
*Have a valid username and password to access the University server.

Bellow, there's one example about how it could be done using Windows (XP) platform.

In Putty's main screen we need to create a new "Saved Session". In this example, we called it "Tunneling". Create then save it. After that, in the same screen, set the host name and port.




Then in Category "Connection" click in SSH->Tunnels. Choose one random port (in this example we chose 8084) from your computer and type it in the "Source port" field. Before add, you need to set it as "Dynamic" (the default is "Local" as in the picture bellow, so change it).




After doing that, you can connect to the SSH server. Once connected is time to configure your browser. We are going to use Firefox web browser in this example, but it can be done in any other, like IE, Chrome, Opera, Safari, etc.

Open Firefox. At the upper menu click on Tools->Option, then choose "Advanced" and finally the "Network" tab. Click the "Settings..." button.

Select the "Manual Proxy Configuration", and set the IP "127.0.0.1" to SOCKS. The source port should be the same as you chose for your Tunneling configuration for Putty (in this example: 8084).


Click the "OK" button, then your IP address within the Internet is going to be the same as the server you are connected. To the Internet, it is as if you were accessing from your University (for example).

In fact, you are using the SSH server as a proxy server, and the data transmitted between you and that server are encrypted.