An SSH tunnel is an SSH connection between a client and an SSH server, through which we direct our traffic. The diagram below illustrates this simply. A client PC located in the US establishes an SSH connection with an SSH server located somewhere in Europe. The client PC accesses google.com both through an SSH tunnel (green line) and directly, with no SSH tunnel (blue line). When the user accesses google.com through the SSH tunnel, google.com processes the visit as if it had come from the SSH server in the EU, so google.com sees a European IP. In the other case (blue line), the client PC accesses google.com as normal, and google.com sees its IP as originating from the US.
Uses of SSH tunneling
- encrypting traffic – we often find ourselves accessing the internet from all kinds of places (train stations, pubs, restaurants, offices etc.). Since I don’t know anything about these places and their networks, I would very much want my browsing and other activities to be encrypted. You never know who will access your info, but you can be sure of it if it’s being transmitted unencrypted.
- anonymizing / changing IP address – there might be several different reasons why one would want one’s machine IP to originate from a different country. One might be to get search results appropriate for that country, another might be to access online services that restrict certain countries. A similar way to do this is by using a VPN.
How to establish an SSH tunnel
Prerequisites for establishing an SSH tunnel are an SSH client and SSH access to a server somewhere. In case you want to run an SSH tunnel on your OpenWRT router you can check out how I did it here. If you don’t have such a server, you can probably apply for free services online that can provide one.
1. On the command-line in Linux.
Most Linux distributions have an SSH client that can be accessed from the command line by default. The following line establishes an SSH tunnel with the appropriate host.
ssh -fND localhost:1080 user@server
The arguments do the following:
- -f instructs SSH to run in the background.
- -D specifies local “dynamic” application-level port forwarding. This works by allocating a socket to listen on a port on the local side, optionally bound to the specified bind_address (here localhost, port 1080).
- -N instructs SSH to not execute a remote command.
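The same tunnel wrapped in a small script, as an added example that is not part of the original post: it refuses a -D bind address that is not loopback, starts the tunnel, and checks that traffic actually leaves through it. The function names and the IP-echo URL argument are assumptions; supply any service that returns the caller's address as plain text.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Succeed only if a -D argument is explicitly bound to loopback with a valid
# port. A bare port ("1080") is rejected because its bind address then
# follows the GatewayPorts setting rather than the command line.
socks_bind_is_local() {
    case "$1" in
        localhost:*|127.0.0.1:*|"[::1]:"*) port=${1##*:} ;;
        *) return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# usage: start_tunnel user@server [bind:port]
# ExitOnForwardFailure makes ssh exit if it cannot listen on the SOCKS port,
# instead of leaving a session running with no proxy behind it.
start_tunnel() {
    bind=${2:-localhost:1080}
    if ! socks_bind_is_local "$bind"; then
        echo "refusing non-loopback bind: $bind" >&2
        return 2
    fi
    ssh -f -N -D "$bind" -o ExitOnForwardFailure=yes "$1"
}

# usage: check_tunnel bind:port ip-echo-url
# Fetches the caller's public IP directly and through the proxy and succeeds
# only if they differ. --socks5-hostname hands the hostname to the proxy, so
# the DNS lookup also happens on the SSH server side.
check_tunnel() {
    direct=$(curl -fsS --max-time 10 "$2") || return 1
    tunneled=$(curl -fsS --max-time 10 --socks5-hostname "$1" "$2") || return 1
    echo "direct=$direct tunneled=$tunneled"
    [ "$direct" != "$tunneled" ]
}

# Run as: ./tunnel.sh user@server <ip-echo-url>   (both are placeholders)
if [ "$#" -eq 2 ]; then
    start_tunnel "$1" localhost:1080 && check_tunnel localhost:1080 "$2"
fi
```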
2. On Windows
There are 2 popular clients used on Windows for SSH connections, namely PuTTY and Bitvise Tunnelier. The following screenshots are from Bitvise.
First, enter the server details on the Login tab, like below.
Next, go to the Services tab and enable SOCKS/HTTP Proxy Forwarding, like below.
How to use your SSH tunnel
In order to direct our web traffic through the SSH tunnel, we must instruct our browsers to do so.
In Firefox
Go to Edit -> Preferences -> Advanced -> Network
In Chrome
I use a plugin called FoxyProxy, which makes it very easy to switch between using and not using your SSH tunnel to direct your traffic.
After you install it, you will most likely end up with a window like the one below.
To add a new connection, click the “Add new proxy” button, where you will see the window below. The information necessary is your local machine IP or local machine name (127.0.0.1 or localhost) and the port number that we specified in the section above.
Resources
- http://unixhelp.ed.ac.uk/CGI/man-cgi?ssh+1