SSH Tunnel Tutorial

in Debian

Be warned: this SSH tunnel tutorial deliberately bypasses a firewall, and security admins will frown (at the very least) on you bypassing a corporate firewall.

How to encrypt anything over an SSH tunnel using a SOCKS proxy.

(How to browse securely from hotspots, or hide from corporate firewalls and sniffers)

SSH Tunnel Summary

Using an SSH server that has internet access as your browsing point, you create an SSH tunnel from your local PC to that remote server, source all of your traffic from it, and encrypt everything between your PC and it using free software. This tutorial shows how to set up the SSH tunnel and turn it into a SOCKS proxy. All you need is an SSH account somewhere (even your home PC with Cygwin or Ubuntu installed). You can then tunnel out of an unsafe place and browse as if you were at the safe, remote location instead. It costs nothing.

[Images: SecureCRT SSH tunnel settings; PuTTY SSH tunnel settings]

SSH Tunnel Instructions

1. Find your current IP

Go to whatismyip.com and note your existing IP, without a proxy.

Reason: you will compare it later, once the tunnel is up.

2. Packet capture (Wireshark display filter):

!(ipv6.dst == ff02::1) && !(ipv6.dst == ff02::c) && !stp && !cdp && !dtp && !dhcpv6 && !arp && !nbns && !browser && !icmpv6 && !ip.src==192.168.1.105

Reason: to verify that we are truly encrypted. This filter only hides the background network chatter (spanning tree, CDP, ARP, NetBIOS and so on) and traffic sourced from my own machine; what is left is exactly what a snooper on the same network would see.

(Your filter may be different, or not needed at all. I was on a chatty network when I inspected and thought this example was worth showing. Replace 192.168.1.105 with your own address, or drop that term to see your own packets too.)

3. Set up PuTTY for the SSH tunnel:

  • Session: user@yourserver.com, port 22
  • Connection > SSH: version 2, Enable compression
  • Connection > SSH > Tunnels: Source port 7070, Dynamic, Add
  • Session: Save, Open

or create the SSH tunnel from the command line:

ssh -D 7070 -p 22 user@yourserver.com sleep 9999

Reason: this opens a SOCKS listener on the loopback interface of your local PC (127.0.0.1:7070) and carries everything sent to it over the SSH session on port 22 to the remote server. The trailing "sleep 9999" just keeps the session open without a shell; "ssh -N -D 7070" does the same without running any remote command.

4. Set up Firefox to use the tunnel:

  • Tools > Options > Network > Settings > Manual proxy configuration
  • SOCKS Host: 127.0.0.1, Port: 7070 (SOCKS v5)
  • Click OK

5. Set up Firefox to use remote DNS

  about:config
  network.proxy.socks_remote_dns=true

Reason: by default Firefox resolves hostnames on your local PC before handing the connection to the proxy, and those plain DNS queries show everyone on the local network which websites you are visiting. With this setting Firefox passes the hostname to the SOCKS proxy instead, so the lookup happens on the remote server and travels inside the SSH tunnel.

6. Restart the browser

Reason: makes sure Firefox picks up the new settings and routes all traffic through the tunnel you just made.

7. Test

  • In Wireshark, check that everything leaving your PC is SSH to the remote server on port 22
  • Check that whatismyip.com now reports a different IP (the server's, not the one from step 1)
  • Apply the Wireshark filter "dns": there should be no entries while you browse
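Steps 4 and 5 above are really one decision: does the browser send the proxy a hostname, or does it resolve the name itself first and send an IP? The following added example (my own illustration, not code from the original tutorial) shows both forms of the SOCKS5 CONNECT request from RFC 1928, which is the protocol Firefox speaks to the ssh -D listener, and runs each through a stub proxy on loopback that records what the proxy side learns. The stub only mimics the listener that ssh -D opens and tunnels nothing; example.com, 93.184.216.34 and the 443 port are constructed sample values.

```python
"""
SOCKS5 (RFC 1928) CONNECT exchange, to show what Firefox's
network.proxy.socks_remote_dns setting changes on the wire.
Added example, not from the original tutorial. The stub proxy below only
mimics the SOCKS listener that `ssh -D 7070` opens; it tunnels nothing.
"""
import socket
import struct
import threading

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4
NO_AUTH = 0  # ssh -D accepts unauthenticated SOCKS5 on the loopback port


def connect_request_domain(host: str, port: int) -> bytes:
    """socks_remote_dns=true: the browser sends the name itself (ATYP 0x03).
    The SSH server resolves it; no DNS query leaves this PC in the clear."""
    name = host.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))


def connect_request_ipv4(ip: str, port: int) -> bytes:
    """socks_remote_dns=false: the browser has already done a plain DNS
    lookup on the local network (the leak) and passes the result (ATYP 0x01)."""
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0, ATYP_IPV4])
            + socket.inet_aton(ip) + struct.pack("!H", port))


def parse_connect_request(buf: bytes):
    """Decode a CONNECT request as the proxy (the SSH server) sees it."""
    if len(buf) < 4 or buf[0] != SOCKS_VERSION or buf[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = buf[3]
    if atyp == ATYP_IPV4:
        kind, addr, rest = "ipv4", socket.inet_ntoa(buf[4:8]), buf[8:]
    elif atyp == ATYP_DOMAIN:
        n = buf[4]
        kind, addr, rest = "domain", buf[5:5 + n].decode("idna"), buf[5 + n:]
    elif atyp == ATYP_IPV6:
        kind, addr, rest = "ipv6", socket.inet_ntop(socket.AF_INET6, buf[4:20]), buf[20:]
    else:
        raise ValueError("unknown ATYP %d" % atyp)
    if len(rest) != 2:
        raise ValueError("bad request length")
    return kind, addr, struct.unpack("!H", rest)[0]


def resolved_locally(request: bytes) -> bool:
    """True if the client resolved the name itself, i.e. a DNS leak happened."""
    return parse_connect_request(request)[0] != "domain"


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("peer closed early")
        data += chunk
    return data


def _stub_proxy(listener: socket.socket, seen: list, count: int) -> None:
    """Stand-in for the ssh -D listener: completes the method negotiation,
    records the destination exactly as the server would learn it, and
    answers "succeeded" without connecting anywhere."""
    for _ in range(count):
        conn, _ = listener.accept()
        with conn:
            ver, nmethods = _recv_exact(conn, 2)
            _recv_exact(conn, nmethods)                 # offered auth methods
            if ver != SOCKS_VERSION:
                raise ValueError("unsupported SOCKS version")
            conn.sendall(bytes([SOCKS_VERSION, NO_AUTH]))
            seen.append(parse_connect_request(conn.recv(512)))
            # VER REP=0 RSV ATYP BND.ADDR BND.PORT (bound address unused here)
            conn.sendall(bytes([SOCKS_VERSION, 0, 0, ATYP_IPV4]) + bytes(6))


def socks5_connect(proxy: tuple, request: bytes) -> int:
    """Client side of the handshake; returns the REP code (0 = succeeded)."""
    with socket.create_connection(proxy) as s:
        s.sendall(bytes([SOCKS_VERSION, 1, NO_AUTH]))  # VER NMETHODS METHODS
        ver, method = _recv_exact(s, 2)
        if ver != SOCKS_VERSION or method != NO_AUTH:
            raise ConnectionError("proxy refused unauthenticated access")
        s.sendall(request)
        return _recv_exact(s, 10)[1]                    # 10 bytes for an IPv4 BND.ADDR


def run_exchange():
    """Drive both request styles through the stub proxy on loopback and
    return what the proxy saw plus the reply codes."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # ephemeral port, standing in for 7070
    listener.listen(2)
    seen = []
    t = threading.Thread(target=_stub_proxy, args=(listener, seen, 2), daemon=True)
    t.start()
    proxy = listener.getsockname()
    reps = [
        socks5_connect(proxy, connect_request_domain("example.com", 443)),
        # constructed sample address, not the result of a live lookup
        socks5_connect(proxy, connect_request_ipv4("93.184.216.34", 443)),
    ]
    t.join(5)
    listener.close()
    return seen, reps


if __name__ == "__main__":
    seen, reps = run_exchange()
    for (kind, addr, port), rep in zip(seen, reps):
        print(f"proxy saw {kind} {addr}:{port}, reply {rep}")
```

The first request is what a correctly configured Firefox emits: the server end of the tunnel is the first place the name example.com appears. The second is what any SOCKS-capable program that ignores remote DNS emits; the proxy still works, which is why a leaking setup looks fine from the browser, and only the "dns" filter in Wireshark gives it away.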


SSH Tunnel NOT SAFE!!

Is all browsing now encrypted? No. It is only encrypted between your PC and the remote server; from that point on it is ordinary traffic. If the site is HTTPS, the content stays encrypted end to end and an observer past the server has a hard time working out what you are doing. If it is plain HTTP, anyone past the server can read it, and session cookies in particular are simple to capture and replay to take over your logged-in session.

Every program has to be configured to use your SOCKS proxy. Newsreaders, iTunes and so on will not use the encrypted tunnel unless you tell them to, and there is a good chance they will leak DNS anyway. Some programs simply will not speak SOCKS, so you cannot tunnel them like this. Others will use SOCKS but still resolve names locally and leak DNS (Opera, IE, Thunderbird).

If the gestapo come to get your remote server, it will have logs of where you went and what DNS lookups you requested, and the ISPs along the way after your server will have the same information to hand over. So if the server is in your name, it still tracks back to you. You could destroy the logs on your end by wiping them from a cron job every XX minutes, but logs on the destination would still exist if they were kept, and logs at each router along the way could exist (in practice, will exist, because of the privacy-invading laws passed under Bush that Obama has continued).

All this does is allow you to use http or other protocols over whatever port your remote server is configured to listen to SSH on. It’s useful for encrypting communication to your server, that’s all.

Be advised, too, that this traffic can be identified as SSH. If you are pushing large amounts of encrypted traffic over SSH, it can be found and will look suspicious. Some companies explicitly forbid this in their policies as a method of bypassing firewalls.

So use it wisely, and understand what it actually does. The main use is firewall penetration and secure browsing, so that corporate or hotspot sniffers cannot see what you have just done; they still know you sent encrypted traffic.

There are several Firefox plugins that let you switch this kind of tunnel on per site. That way you mix encrypted and unencrypted traffic, which is harder to spot than a tunnel carrying everything, except for the initial SSH setup (which shows up in a capture). It throws a red flag if you have 5GB of encrypted traffic and nothing they can monitor.
