Proxy Connections With SSH or PUTTY

  #1  
Old 08-13-2006, 02:25 PM
Ankheg Ankheg is offline
Premium Member
 
Join Date: Mar 2003
Location: Saint Paul, MN
Posts: 826



There are four very good reasons why you'd want to proxy internet applications thru an SSH tunnel - either for security (local traffic between you and the server running SSH will be encrypted), for privacy (hiding your "real" IP address), for technical reasons (such as IP-based authentication mechanisms that you'd like to be able to access even from multiple locations or with dynamically-assigned IPs) or, of course, just because you can.

Since there have been a number of questions here lately about how to proxy connections thru a server - often phrased something like "how do I use Squid, which is hellaciously complicated to set up and gross overkill for what I want to do, to browse the web from my server's IP address?" (Well, that's how I remember the questions, anyway.) - I've put together this little tutorial on using PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/) and plain old SSH to do this.

First, you need access to, and an SSH account on, a server. For the examples below, this server is "example.tld", and we'll pretend your account is "foo". While there's nothing stopping you from doing this as root, it's a bad idea to allow direct root login, and an equally bad idea to log in as root needlessly.

Second, you need either PuTTY (see above) on Windows or older Macs; on Linux and Unix machines, you need SSH or SSH2; the former is generally included in the base system of most distributions, and the latter is an optional package.

First, PuTTY instructions. Get PuTTY, and load it up. You'll see a screen somewhat like this:

In the address bar, enter your server's hostname or IP address (here example.tld). Make sure the "SSH" button is checked, and that you're using port 22.

Then, in the left-hand menu, click on "SSH". You should see a screen like that below:


Tick "enable compression", and set your preferred SSH version to "2". Now, click on the "tunnels" line under SSH; you should see a screen like this:



Tick the "dynamic" button, then put in a source port - here I've used 4567, but you can use pretty much anything not otherwise in use - 1234, 2525, 6666, or whatever. Click the "add" button, and you should see something like this:



With me so far? Good. Now, go back to the "session" tab at the top of the menu:



Enter a name for this connection - here the imaginative "My SSH Proxy" - and click "Save".

Now, to use this tunnel, fire up PuTTY, enter your username and your password; you should log in as normal. Then, fire up the SOCKS-compatible application you'd like to use - in this case, everyone's favorite web browser, Firefox. Click Tools -> Options -> General -> Connection Settings, and you should get to a screen like this:



Tick "Manual Proxy Configuration", then put in "127.0.0.1" in the "SOCKS Host" line, and the port you set up in PuTTY earlier - in this case again, 4567. Tick the "Socks 5" button, hit OK, and you should be browsing the web via an encrypted connection to your server. Check out one or more of those "what's my IP address" sites, and you should see your server's IP address.

People on Linux and Unix boxes can eschew the whole PuTTY thing by simply opening up a shell window and typing:

ssh -C -2 -D 4567 foo@example.tld

Log in with your password, and proceed as above, setting up Firefox. IE, Mozilla, Konqueror, and other programs are set up to use the SSH tunnel pretty much the same way as Firefox - the basic thing you need to do is point it to your local IP - 127.0.0.1 - and the port - 4567, or whatever you chose.

Hopefully that answers some of the questions people have been having...

__________________
redpin.com - offering amazingly competent email, dns, and web hosting since 2002... because someone has to!
Because Simple Things Should Be Simple - YouCANHasDNS
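
A check for the tunnel described in the post above, added here as an example and not part of the original post: it classifies the local SOCKS listener from `ss -ltn` output, so you can confirm the proxy port is bound to loopback only and is not reachable by other hosts on your network. The function name and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Classify listeners on PORT from `ss -ltn` output read on stdin.
# Prints: loopback-only | exposed | not-listening
socks_bind_check() {
    port="$1"
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4                              # e.g. 127.0.0.1:4567 or [::1]:4567
            n = split(addr, parts, ":")
            if (parts[n] != port) next             # different port, ignore
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            found = 1
            # Anything other than IPv4/IPv6 loopback accepts remote clients.
            if (host != "127.0.0.1" && host != "[::1]") exposed = 1
        }
        END {
            if (!found) { print "not-listening"; exit }
            print (exposed ? "exposed" : "loopback-only")
        }'
}

# Constructed sample of `ss -ltn` output while the tunnel on port 4567 is up.
sample='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:4567     0.0.0.0:*
LISTEN 0      128    [::1]:4567         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

printf '%s\n' "$sample" | socks_bind_check 4567
```

On a live Linux client, run `ss -ltn | socks_bind_check 4567` after the tunnel is established.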




  #2  
Old 08-13-2006, 03:29 PM
borohost borohost is offline
New Member
 
Join Date: Aug 2006
Posts: 0
Thanks for sharing!! But is it safe to log in using a proxy?

  #3  
Old 08-13-2006, 04:18 PM
Ankheg Ankheg is offline
Premium Member
 
Join Date: Mar 2003
Location: Saint Paul, MN
Posts: 826
Is it safe to login where or to what using a proxy?

__________________
redpin.com - offering amazingly competent email, dns, and web hosting since 2002... because someone has to!
Because Simple Things Should Be Simple - YouCANHasDNS


  #4  
Old 08-13-2006, 08:57 PM
layer0 layer0 is offline
Performance Specialist
 
Join Date: Dec 2004
Location: New York, NY
Posts: 10,505
Thanks Ankheg...I've been looking for a solution to do this for a *long* time...never really checked too much into it though. Gonna give it a whirl right now..I'll post back with how it works out. Cheers!

edit - works great!

__________________
MediaLayer, LLC - www.medialayer.com Lightning fast web hosting since 2005.
The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage
Learn how we can make your website load faster, translating to better conversion rates for your business!


Last edited by layer0; 08-13-2006 at 09:03 PM.
  #5  
Old 08-14-2006, 03:38 PM
tamar tamar is offline
Junior Guru
 
Join Date: May 2006
Posts: 232
Ankheg: great tutorial! Thanks for sharing this with us!

  #6  
Old 10-29-2006, 10:15 AM
w3bmast3r w3bmast3r is offline
New Member
 
Join Date: Dec 2005
Posts: 1
That works a treat - now if only I could find a way to proxy SSH through my work proxy and then proxy my browsers through SSH - lol

Long winded way of doing what I want

  #7  
Old 11-05-2006, 08:13 PM
Al3in Al3in is offline
New Member
 
Join Date: Jun 2006
Posts: 2
thanx dear

  #8  
Old 07-06-2007, 08:15 PM
killermonk killermonk is offline
New Member
 
Join Date: Jul 2007
Posts: 0
I have done this on both a linux machine and a windows machine. I set my browser up to go through the proxy but all that results is a white page.

Is there any special server-side configuration that might need to be done in order to get this forwarding to work?

  #9  
Old 07-06-2007, 11:34 PM
Ankheg Ankheg is offline
Premium Member
 
Join Date: Mar 2003
Location: Saint Paul, MN
Posts: 826
It shouldn't require any special settings, no. I'd double check /etc/ssh/sshd_config to make sure there aren't any settings that are set which possibly shouldn't be (AllowTcpForwarding no, for instance, or GatewayPorts no).

Assuming the remote machine is running a reasonably default configuration of a reasonably current mainstream server OS, this technique should - and does - work fine as described; I'm using it right now, actually, to post this. I'd look at a firewall issue, perhaps, or a DNS issue at the remote end. You don't have any egress filtering or anything going on with APF or anything, right?

__________________
redpin.com - offering amazingly competent email, dns, and web hosting since 2002... because someone has to!
Because Simple Things Should Be Simple - YouCANHasDNS
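
One way to run the sshd_config check suggested in the reply above, added here as an example and not part of the original thread: it reads a config on stdin and reports the AllowTcpForwarding setting mentioned above, plus DisableForwarding and PermitOpen, when their values would stop `ssh -D` from relaying traffic. The function name and the sample config are constructed; only the global section is examined.

```shell
#!/bin/sh
# Report sshd_config settings (read on stdin) that block dynamic forwarding.
# Only the global section is read: parsing stops at the first Match block,
# and the first occurrence of a keyword wins, as in sshd itself.
forwarding_blockers() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)              # "Key value" or "Key=value"
            key = tolower(f[1]); val = tolower(f[2])
        }
        key == "match" { exit }
        (key in seen)  { next }
        { seen[key] = 1 }
        key == "allowtcpforwarding" && (val == "no" || val == "remote") {
            print "AllowTcpForwarding " val
        }
        key == "disableforwarding" && val == "yes" { print "DisableForwarding yes" }
        key == "permitopen" && val != "any" { print "PermitOpen restricts destinations" }
    '
}

# Constructed sample config: forwarding is switched off globally.
forwarding_blockers <<'EOF'
# constructed example, not a real server config
Port 22
PermitRootLogin no
AllowTcpForwarding no
Match User foo
    AllowTcpForwarding yes
EOF
```

On the server itself, `sshd -T` (run as root) prints the effective configuration, including defaults and included files, and can be piped into the same function.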


  #10  
Old 07-07-2007, 12:12 AM
killermonk killermonk is offline
New Member
 
Join Date: Jul 2007
Posts: 0
It's not a DNS issue, I don't think. I can ssh into the server normally and get to all the websites with lynx.

I didn't set up anything, to my knowledge, to do egress filtering or APF. I don't know what those are, though, to be honest, so I couldn't honestly tell you whether or not they are.

What kind of thing with a firewall (it is behind a router/hardware firewall) would I need to watch out for that might cause this kind of problem?

  #11  
Old 07-07-2007, 02:40 PM
Ankheg Ankheg is offline
Premium Member
 
Join Date: Mar 2003
Location: Saint Paul, MN
Posts: 826
Offhand, I can't immediately think of how a router/firewall would create problems with this, but I was thinking more of a software firewall - like APF - at the far end.

If that's not the case, I'd suggest you double-check you've got everything set up correctly. Maybe try a different port, make sure you're using the right settings for the dynamic SSH port, back off to Socks4, disable compression... even try a different browser (I'm open to the possibility that some toolbar or plugin could cause problems, especially some of the proxy-switcher, tor, or privoxy plugins for Firefox.)

Usually, if you've screwed up somewhere, you'll get a "the proxy server is refusing connections" message. A blank screen is a new one on me.

__________________
redpin.com - offering amazingly competent email, dns, and web hosting since 2002... because someone has to!
Because Simple Things Should Be Simple - YouCANHasDNS


  #12  
Old 07-14-2007, 07:12 AM
eymbo eymbo is offline
Junior Guru Wannabe
 
Join Date: Jun 2006
Posts: 57
Is there a way to bind the proxy connection to another ip other than the main server ip?

A great tutorial here, I'm using it fine.

__________________
ServerTweak Networks, LLC >> ServerTweak.com
Experience the fastest network and superior servers, feel the power of ServerTweak!
Fremont, CA DataCenter | Dedicated Servers | Colocation | Cross Connects HE.net | 1/4 - Full Cab Sales

  #13  
Old 07-14-2007, 08:35 AM
Ankheg Ankheg is offline
Premium Member
 
Join Date: Mar 2003
Location: Saint Paul, MN
Posts: 826
Quote:
Originally Posted by eymbo View Post
Is there a way to bind the proxy connection to another ip other than the main server ip?
Generally, whatever IP address you connect to, is the IP address you connect from. So if you want to use 123.45.67.89, for example, you use that IP, rather than server.foo.com, which might be 123.45.67.88. Or whatever.

__________________
redpin.com - offering amazingly competent email, dns, and web hosting since 2002... because someone has to!
Because Simple Things Should Be Simple - YouCANHasDNS


  #14  
Old 07-14-2007, 09:04 AM
eymbo eymbo is offline
Junior Guru Wannabe
 
Join Date: Jun 2006
Posts: 57
Quote:
Originally Posted by Ankheg View Post
Generally, whatever IP address you connect to, is the IP address you connect from. So if you want to use 123.45.67.89, for example, you use that IP, rather than server.foo.com, which might be 123.45.67.88. Or whatever.
Yeah that was what I was thinking however I did try and it didn't work. :?

__________________
ServerTweak Networks, LLC >> ServerTweak.com
Experience the fastest network and superior servers, feel the power of ServerTweak!
Fremont, CA DataCenter | Dedicated Servers | Colocation | Cross Connects HE.net | 1/4 - Full Cab Sales

  #15  
Old 07-16-2007, 01:25 AM
offbeat offbeat is offline
New Member
 
Join Date: Jul 2007
Posts: 0
Quote:
Originally Posted by eymbo View Post
Yeah that was what I was thinking however I did try and it didn't work. :?
Then you are not doing it correctly. Make sure that you have your browser pointed to the proxy you are creating with PuTTY.

You can also use remote port settings to forward email ports and such through your ssh connection, very handy if you want to check your POP account on the go.
