08-13-2006, 02:25 PM #1Web Hosting Master
- Join Date
- Mar 2003
- Location
- Saint Paul, MN
- Posts
- 832
Proxy Connections With SSH or PUTTY
There are four very good reasons why you'd want to proxy internet applications thru a SSH tunnel - either for security (local traffic between you and the server running SSH will be encrypted), for privacy (hiding your "real" IP address), for technical reasons (such as IP-based authentication mechanisms that you'd like to be able to access even from multiple locations or with dynamically-assigned IPs) or, of course, just because you can.
Since there have been a number of questions here lately about how to proxy connections thru a server - often phrased something like "how do I use Squid, which is hellaciously complicated to setup and gross overkill for what I want to do, to browse the web from my server's IP address?" (Well, that's how I remember the questions, anyway.) - I've put together this little tutorial on using PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/) and plain old SSH to do this.
First, you need access to, and an SSH account on, a server. For the examples below, this server is "example.tld", and we'll pretend your account is "foo". While there's nothing stopping you from doing this as root, it's a bad idea to allow direct root login, and an equally bad idea to login as root needlessly.
Second, you need either PuTTY (see above) on Windows or older Macs; on Linux and Unix machines, you need SSH or SSH2; the former is generally included in the base system of most distributions, and the latter is an optional package.
First, PuTTY instructions. Get PuTTY, and load it up. You'll see a screen somewhat like this:
In the address bar, enter your server's hostname or IP address (here example.tld). Make sure the "SSH" button is checked, and that you're using port 22.
Then, in the left-hand menu, click on "SSH". You should see a screen like that below:
Tick "enable compression", and set your preferred SSH version to "2". Now, click on the "tunnels" line under SSH; you should see a screen like this:
Tick the "dynamic" button, then put in a source port - here I've used 4567, but you can use pretty much anything not otherwise in use - 1234, 2525, 6666, or whatever. Click the "add" button, and you should see something like this:
With me so far? Good. Now, go back to the "session" tab at the top of the menu:
Enter a name for this connection - here the imaginative "My SSH Proxy" - and click "Save".
Now, to use this tunnel, fire up PuTTY, enter your username and your password; you should log in as normal. Then, fire up the SOCKS-compatible application you'd like to use - in this case, everyone's favorite web browser, Firefox. Click Tools -> Options -> General -> Connection Settings, and you should get to a screen like this:
Tick "Manual Proxy Configuration", then put in "127.0.0.1" in the "SOCKS Host" line, and the port you setup in PuTTY earlier - in this case again, 4567. Tick the "Socks 5" button, hit OK, and you should be browsing the web via an encrypted connection to your server. Check out one or more of those "what's my IP address" sites, and you should see your server's IP address.
People on Linux and Unix boxes can eschew the whole PuTTY thing by simply opening up a shell window and typing:
ssh -C -2 -D 4567 foo@example.tld
Login with your password, and proceed as above, setting up Firefox. IE, Mozilla, Konqueror, and other programs are setup to use the SSH tunnel pretty much the same way as Firefox - the basic thing you need to do is point it to your local IP - 127.0.0.1 - and the port - 4567, or whatever you chose.
Hopefully that answers some of the questions people have been having...
redpin.com - offering amazingly competent email, dns, and web hosting since 2002... because someone has to!
Because Simple Things Should Be Simple - YouCANHasDNS
-
08-13-2006, 03:29 PM #2New Member
- Join Date
- Aug 2006
- Posts
- 1
Thanks for sharing!! But is it safe to log in using a proxy?
-
08-13-2006, 04:18 PM #3Web Hosting Master
- Join Date
- Mar 2003
- Location
- Saint Paul, MN
- Posts
- 832
Is it safe to login where or to what using a proxy?
-
08-13-2006, 08:57 PM #4Eternal Member
- Join Date
- Dec 2004
- Location
- New York, NY
- Posts
- 10,710
Thanks Ankheg...I've been looking for a solution to do this for a *long* time...never really checked too much into it though. Gonna give it a whirl right now..I'll post back with how it works out. Cheers!
edit - works great!
Last edited by layer0; 08-13-2006 at 09:03 PM.
MediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business
-
08-14-2006, 03:38 PM #5Junior Guru
- Join Date
- May 2006
- Posts
- 244
Ankheg: great tutorial! Thanks for sharing this with us!
-
10-29-2006, 10:15 AM #6New Member
- Join Date
- Dec 2005
- Posts
- 2
That works a treat - now if only I could find a way to proxy SSH through my work proxy and then proxy my browsers through SSH - lol
Long winded way of doing what I want
-
11-05-2006, 08:13 PM #7Newbie
- Join Date
- Jun 2006
- Posts
- 6
thanx dear
-
07-06-2007, 08:15 PM #8New Member
- Join Date
- Jul 2007
- Posts
- 2
I have done this on both a linux machine and a windows machine. I set my browser up to go through the proxy but all that results is a white page.
Is there any special server-side configuration that might need to be done in order to get this forwarding to work?
-
07-06-2007, 11:34 PM #9Web Hosting Master
- Join Date
- Mar 2003
- Location
- Saint Paul, MN
- Posts
- 832
It shouldn't require any special settings, no. I'd double check /etc/ssh/sshd_config to make sure there aren't any settings that are set which possibly shouldn't be (AllowTcpForwarding no, for instance, or GatewayPorts no).
Assuming the remote machine is running a reasonably default configuration of a reasonably current mainstream server OS, this technique should - and does - work fine as described; I'm using it right now, actually, to post this. I'd look at a firewall issue, perhaps, or a DNS issue at the remote end. You don't have any egress filtering or anything going on with APF or anything, right?
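The server-side check suggested in the reply above, as an added example that is not part of the original thread: a shell function that reads an sshd_config and reports whether its global section permits the forwarding that `ssh -D` and PuTTY's dynamic tunnels depend on. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example: does this sshd_config permit the channels `ssh -D` needs?

# Print the global (pre-Match) value of KEYWORD, lowercased. sshd keywords are
# case-insensitive and the first occurrence wins. Match blocks are conditional,
# so parsing stops there; `sshd -T` (as root) gives the fully resolved view.
sshd_global_value() {  # usage: sshd_global_value KEYWORD FILE
  awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
    {
      line = $0; sub(/^[ \t]+/, "", line)
      n = split(line, f, /[ \t=]+/)        # "Key value" or "Key=value"
      key = tolower(f[1])
      if (key == "match") exit
      if (key == want && n >= 2) { print tolower(f[2]); exit }
    }' "$2"
}

# Print "allowed" or "blocked: <reason>". -D uses client-to-server forwarding,
# which yes/all/local permit and no/remote refuse; unset means default (yes).
dynamic_forwarding_status() {  # usage: dynamic_forwarding_status FILE
  fwd=$(sshd_global_value AllowTcpForwarding "$1")
  open=$(sshd_global_value PermitOpen "$1")
  case "${fwd:-yes}" in
    yes|all|local) ;;
    *) echo "blocked: AllowTcpForwarding $fwd"; return 0 ;;
  esac
  if [ "$open" = none ]; then echo "blocked: PermitOpen none"; return 0; fi
  echo "allowed"
}

# Constructed sample config (not from the thread).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'allowtcpforwarding  Remote' > "$sample"
dynamic_forwarding_status "$sample"
rm -f "$sample"
```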
-
07-07-2007, 12:12 AM #10New Member
- Join Date
- Jul 2007
- Posts
- 2
It's not a DNS issue, I don't think. I can normal ssh into the server and get to all the websites with lynx.
I didn't set up anything, to my knowledge, to do egress filtering or APF. I don't know what those are, though, to be honest, so I couldn't honestly tell you whether or not they are.
What kind of thing with a firewall (it is behind a router/hardware firewall) would I need to watch out for that might cause this kind of problem?
-
07-07-2007, 02:40 PM #11Web Hosting Master
- Join Date
- Mar 2003
- Location
- Saint Paul, MN
- Posts
- 832
Offhand, I can't immediately think of how a router/firewall would create problems with this, but I was thinking more of a software firewall - like APF - at the far end.
If that's not the case, I'd suggest you double-check you've got everything set up correctly. Maybe try a different port, make sure you're using the right settings for the dynamic SSH port, back off to Socks4, disable compression... even try a different browser (I'm open to the possibility that some toolbar or plugin could cause problems, especially some of the proxy-switcher, tor, or privoxy plugins for Firefox.)
Usually, if you've screwed up somewhere, you'll get a "the proxy server is refusing connections" message. A blank screen is a new one on me.
-
07-14-2007, 07:12 AM #12Junior Guru Wannabe
- Join Date
- Jun 2006
- Posts
- 67
Is there a way to bind the proxy connection to another ip other than the main server ip?
A great tutorial here, I'm using it fine.
ServerTweak Networks, LLC >> ServerTweak.com
Experience the fastest network and superior servers, feel the power of ServerTweak!
Fremont, CA DataCenter | Dedicated Servers | Colocation | Cross Connects HE.net | 1/4 - Full Cab Sales
-
07-14-2007, 08:35 AM #13Web Hosting Master
- Join Date
- Mar 2003
- Location
- Saint Paul, MN
- Posts
- 832
-
07-14-2007, 09:04 AM #14Junior Guru Wannabe
- Join Date
- Jun 2006
- Posts
- 67
-
07-16-2007, 01:25 AM #15New Member
- Join Date
- Jul 2007
- Posts
- 1
Then you are not doing it correctly. Make sure that you have your browser pointed to the proxy you are creating with putty.
You can also use remote port settings to forward email ports and such through your ssh connection, very handy if you want to check your POP account on the go.
-
08-07-2007, 05:49 PM #16Web Hosting Master
- Join Date
- Apr 2005
- Location
- Bangladesh
- Posts
- 593
works great =D
thanksssss
-
08-07-2007, 05:55 PM #17Web Hosting Master
- Join Date
- Apr 2005
- Location
- Bangladesh
- Posts
- 593
-
08-12-2007, 01:34 PM #18Web Hosting Guru
- Join Date
- Dec 2002
- Location
- USA
- Posts
- 339
Works great with Putty.
But is there a tutorial to get this to work with WinSCP?
-
08-14-2007, 08:18 AM #19Web Hosting Master
- Join Date
- Apr 2005
- Location
- Bangladesh
- Posts
- 593
Anyone been able to use any ip other than the main server ip?
-
08-21-2007, 09:08 AM #20Junior Guru Wannabe
- Join Date
- Jun 2006
- Posts
- 67
I have tried binding SSH to another IP and have yet to figure out how to make it work. I've tried using a user specified configuration in the ~/.ssh directory but to no success. Is anyone able to figure this out?
-
08-31-2007, 12:48 AM #21Web Hosting Guru
- Join Date
- May 2006
- Posts
- 312
Traditional music traveling
-
07-28-2009, 10:18 AM #22New Member
- Join Date
- Jul 2009
- Posts
- 1
This thread is somewhat old, but the principles are still valid I guess. I have a similar problem with browsing over the tunnel: I can perfectly get an ssh connection via putty (over an authorizing proxy), but when I remove all proxy settings in firefox and only enter the socks proxy, I get a "Server not found" message from firefox (which sounds to me like a dns problem). I can open a site on the remote server with lynx, so dns should work there. Any way to trace the problem?
-
09-10-2009, 06:26 AM #23Newbie
- Join Date
- Sep 2005
- Posts
- 21
some common mistakes
Maybe I am digging up an old thread.
I had tried this a long time back, but was not able to browse. This was because I was using the system's IP itself and not the localhost IP to set up the proxy port.
Also I made the mistake of not setting the proxy at the SOCKS entry.
Just adding to this so that someone coming along this thread will benefit.
Mathew Augustine
Systems Engineer
"Drink nothing without seeing it; sign nothing without reading it."
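The client-side mistakes and the name-resolution symptom described in the two posts above, as an added example that is not part of the original thread: a shell check of a Firefox prefs.js against the tunnel settings from the tutorial. The function names and sample prefs are constructed; treating an unset network.proxy.socks_remote_dns as local resolution is an assumption that matches Firefox's long-standing default and may differ in current versions.

```sh
#!/bin/sh
# Added example: audit a Firefox prefs.js against the ssh -D tunnel settings.

# Print one pref's value with quotes stripped (empty if the pref is unset).
pref() {  # usage: pref NAME FILE
  name=$(printf '%s' "$1" | sed 's/\./\\./g')
  sed -n "s/^user_pref(\"$name\", *\(.*\));[[:space:]]*\$/\1/p" "$2" |
    tr -d '"' | tail -n 1
}

# Print "ok" or a space-separated list of problems for a tunnel on PORT.
audit_socks_prefs() {  # usage: audit_socks_prefs PREFS_FILE PORT
  p=""
  [ "$(pref network.proxy.type "$1")" = 1 ] || p="$p manual-proxy-off"
  case "$(pref network.proxy.socks "$1")" in
    127.0.0.1|localhost|::1) ;;                 # tunnel listens on loopback
    "") p="$p socks-host-empty" ;;
    *)  p="$p socks-host-not-loopback" ;;       # e.g. the machine's LAN IP
  esac
  [ "$(pref network.proxy.socks_port "$1")" = "$2" ] || p="$p socks-port-mismatch"
  # A filled-in HTTP proxy field is used for web traffic instead of SOCKS.
  [ -z "$(pref network.proxy.http "$1")" ] || p="$p http-proxy-set"
  # Unless this is true, hostnames are resolved locally, outside the tunnel.
  [ "$(pref network.proxy.socks_remote_dns "$1")" = true ] || p="$p dns-resolved-locally"
  echo "${p:-ok}" | sed 's/^ //'
}

# Constructed sample prefs (not from the thread): proxy typed into the HTTP
# field with the machine's own LAN address, SOCKS fields left empty.
sample=$(mktemp)
cat > "$sample" <<'EOF'
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "192.168.1.20");
user_pref("network.proxy.http_port", 4567);
EOF
audit_socks_prefs "$sample" 4567
rm -f "$sample"
```

Run it against a copy of prefs.js from the Firefox profile directory while the browser is closed, passing the source port chosen for the tunnel.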
-
10-22-2013, 07:49 PM #24New Member
- Join Date
- Oct 2013
- Posts
- 1
I used PuTTY for SSH tunneling before. It was quite boring to run PuTTY each time I needed to setup the tunnel and to re-configure new apps to use the local SOCKS proxy. Also, not all apps support proxies.
Now I'm using ProxyCap. It will create the ssh tunnel and will redirect other programs to this tunnel.