What is SSH tunneling

An SSH tunnel is the SSH connection between a client and an SSH server, through which we direct our traffic. The diagram below illustrates this in a simple way. A client PC located in the US establishes an SSH connection with an SSH server located somewhere in Europe. The client PC accesses google.com both through an SSH tunnel (green line) and directly, with no SSH tunnel (blue line). When the user accesses google.com through the SSH tunnel, google.com processes the visit as if it had come from the SSH server in the EU, so google.com sees a European IP. In the other case (blue line), the client PC accesses google.com as normal, and google.com sees its IP as originating from the US.

ssh-tunnel

Uses of SSH tunneling

  • encrypting traffic – we often find ourselves accessing the internet from all kinds of places (train stations, pubs, restaurants, offices etc). Since I don’t know anything about these places and their networks, I very much want my browsing and other activities to be encrypted. You never know who can read your data, and if it is transmitted unencrypted you can be sure that someone is able to. Keep in mind that the tunnel encrypts traffic only between your machine and the SSH server; from the server to the destination it travels as it normally would.
  • anonymizing / changing IP address – there might be several different reasons why one would want one’s machine IP to appear to originate from a different country. One might be to get search results appropriate for that country, another might be to access online services that restrict certain countries. A similar way to do this is by using a VPN.

How to establish a SSH tunnel

The prerequisites for establishing an SSH tunnel are an SSH client and SSH access to a server somewhere. In case you want to run an SSH tunnel on your OpenWRT router you can check out how I did it here. If you don’t have a server, you can probably apply for free online services that provide one.

1. On the command-line in Linux.

Most Linux distributions have an SSH client that can be accessed from the command line by default. The following line establishes an SSH tunnel with the appropriate host.

ssh -fND localhost:1080 user@server

The arguments do the following:

  • -f instructs SSH to run in the background.
  • -D specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen on a port on the local side, optionally bound to the specified bind_address (here localhost, port 1080). ssh then acts as a SOCKS server on that port.
  • -N instructs SSH to not execute a remote command.
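
An added example, not part of the original post: the SOCKS5 exchange that an application such as a browser performs with the listener opened by ssh -fND localhost:1080, written in Python. It sends hostnames unresolved, so the DNS lookup happens on the SSH server instead of on the local network; the function names are this example's own, and it handles hostnames and IPv4 literals only.

```python
# Added example: names below are this example's own, not from the post.
import socket
import struct

GREETING = b"\x05\x01\x00"  # SOCKS version 5, one auth method offered: 0x00 (none)


def build_connect_request(host, port):
    """CONNECT request. A hostname is sent unresolved (address type 3), so the
    lookup happens on the SSH server and no DNS query leaves the client."""
    try:
        addr = b"\x01" + socket.inet_pton(socket.AF_INET, host)  # literal IPv4
    except OSError:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1-255 bytes")
        addr = b"\x03" + bytes([len(name)]) + name
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def socks5_handshake(sock, host, port):
    """Negotiate on an already connected socket; returns it ready for payload."""
    sock.sendall(GREETING)
    if _recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("listener is not a no-auth SOCKS5 proxy")
    sock.sendall(build_connect_request(host, port))
    ver, rep, _, atyp = _recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError(f"CONNECT refused, reply code {rep}")
    # Discard the bound address and port that close the reply.
    size = {1: 4, 4: 16}.get(atyp) or _recv_exact(sock, 1)[0]
    _recv_exact(sock, size + 2)
    return sock


def open_via_tunnel(host, port, proxy=("127.0.0.1", 1080)):
    """Connect to host:port through the listener opened by ssh -D localhost:1080."""
    return socks5_handshake(socket.create_connection(proxy, timeout=10), host, port)
```

With the tunnel running, open_via_tunnel("google.com", 80) returns a socket whose traffic leaves from the SSH server. A client that resolves the name itself and sends the IP instead still exposes the lookup to the local network.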

2. On Windows

There are 2 popular clients used on Windows for SSH connections, namely PuTTY and Bitvise Tunnelier. The following screenshots are from Bitvise.

First, enter the server details on the Login tab, like below.

bitvise-login

Next, go to the Services tab and enable SOCKS/HTTP Proxy Forwarding, like below.

bitvise-enable-socks

How to use your SSH tunnel

In order to direct our web traffic through the SSH tunnel, we must instruct our browsers to do so.

In Firefox

Go to Edit -> Preferences -> Advanced -> Network

firefox-nw-proxy

In Chrome

I use a plugin called FoxyProxy, which makes it very easy to switch between using and not using your SSH tunnel to direct your traffic.

After you install it, you will most likely end up with a window like the one below.

foxy-proxy-overview

To add a new connection, click the “Add new proxy” button, where you will see the window below. The information necessary is your local machine IP or local machine name (127.0.0.1 or localhost) and the port number that we specified in the section above.

foxy-proxy-add-new

Resources

  • http://unixhelp.ed.ac.uk/CGI/man-cgi?ssh+1