Monday, December 12, 2011

Secure Shell Tunneling

Recently I have had need to get to some websites that were not reachable from my current network location.  They weren't bad websites, just a password storage site and some school related information.

So I started looking around at the various proxy solutions to see what they had to offer, unfortunately, most free proxies have been blocked on many networks in the US for the obvious reason that they help people bypass browsing limitations placed on them.  You can find a listing of many such proxy ips here at: http://hidemyass.com 

This site also offers another kind of proxy called the web-based proxy which allows you to tell their website where you want to go and it will act as a wrapper fetching the content you want inside of itself.  The downside to this method is the ways that the page masks it's content from DNS and IP blocker often leaves the page unusable if the destination page is complex enough.

Fortunately there is a third solution which I was recently taught about called SSH tunneling.  I already love dealing with remote servers so this plays right into my skill-set and has become an easy favorite.  Skill-set might be pushing it a bit far since there really is no skill-set required to implement the tunnel, all the required server software is already naively built into *nix servers and the client end can be downloaded for free.

To route your web traffic over an ssh tunnel first you need some form of ssh client, I use windows so I typically use putty.exe.  Other methods can be read about here: Free SSH.  You will need an account on a remote SSH/*nix server that you can reach.  If you don't have one you can risk using a free one from a list such as this: SSH Proxy List; keep in mind that any server you log into could potentially be tracking or reading any and all data you send through it, including passwords to all your accounts.


  1. With your remote account and putty.exe in hand, start up putty.
  2. Under Connection/SSH/Tunnels create a new source port, can be any port you choose that is not being used; for destination choose dynamic.
  3. Under Session type in the IP or host name as well as Port number (typically 22 for SSH connections).
  4. Choose a connection type of SSH and click open.
  5. It will probably prompt you to store the key in the registry, go ahead and do it.
  6. Login to the remote server with your username and password.
  7. Next, in your web browser, get into its settings/network connections/proxy servers; you will want to configure a manual proxy server and set the SOCKS Host to 127.0.0.1 (which is your own computer that now has an open ssh connection)
  8. Enter the port you choose when you created the tunnel configuration in putty.
  9. And save.


You should now be able to reach any website that you can resolve a name to an ip for.  If you need a free and open DNS server you can use Googles: 8.8.4.4 or 8.8.8.8.

No comments: