2009-08-18

ssh - How to encrypt/tunnel internet traffic through ssh

When using an insecure internet connection (e.g. wireless), it is good practice to tunnel internet traffic through ssh. Tunneling through ssh encrypts the traffic from the local computer up to the point where the ssh server is. Encrypting the traffic leaving the local PC is especially important on an insecure connection, because other users with malicious intent might be able to sniff packets off that connection.

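How does ssh tunneling work?

It basically creates an ssh session to the ssh server and opens a TCP port on the local PC. That local port acts as a SOCKS proxy: applications that connect to it have their traffic carried through the ssh session to the ssh server.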

The command syntax:
ssh -ND<local port to use, 1-65535> <ssh username>@<ssh server IP or hostname>

e.g.
ssh -ND8080 bob@example.com

Some notes on this command:
  • after pressing enter on that command, nothing will appear to happen, as the parameter "-N" tells ssh not to run any remote command
  • using a local port lower than 1024 requires root privileges

If there is no error after pressing enter, the tunnel is assumed to be up and running. Leave this command prompt as it is and configure the applications to use the tunnel. For illustration purposes, we will configure Firefox to send its internet traffic through this tunnel.

In Firefox:
  1. Edit --> Preferences --> Advanced --> Network --> Settings
  2. In the "Connection Settings" window, click on "Manual proxy configuration".
  3. Make sure the "HTTP Proxy", "SSL Proxy", "FTP Proxy" & "Gopher Proxy" fields are empty and their "Port" fields are "0" (zero).
  4. Fill the field "SOCKS Proxy" with "localhost" and the "Port" field with "8080".
  5. Click "OK" and close the "Firefox Preferences" window.

Finally, go to the website "http://whatismyip.org" and you will notice that your PC's WAN IP is no longer that of the insecure connection's gateway. Instead, the HTTP traffic is tunneled through the ssh server, and the ssh server's internet gateway IP is listed.
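The same procedure as a script, added here as an example and not part of the original post: it validates the local port, prints a tunnel command that binds the proxy to 127.0.0.1 only and exits if the port cannot be opened, and repeats the IP check from the command line. The function names are hypothetical, and it assumes curl is installed and that the check URL returns the caller's IP as plain text.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# bob@example.com and port 8080 are the post's sample values.

# Print the ssh command for a SOCKS tunnel on a local port, or fail.
tunnel_cmd() {
    port=$1; user=$2; host=$3
    case $port in
        ''|*[!0-9]*|??????*) echo "port must be a number, 1-65535" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port must be 1-65535" >&2; return 1
    fi
    if [ "$port" -lt 1024 ] && [ "$(id -u)" -ne 0 ]; then
        echo "ports below 1024 need root privileges" >&2; return 1
    fi
    # 127.0.0.1 keeps the proxy reachable from this PC only.
    # ExitOnForwardFailure makes ssh exit if it cannot open the local port,
    # so a session that stays up means the tunnel is really there.
    echo "ssh -N -D 127.0.0.1:$port -o ExitOnForwardFailure=yes $user@$host"
}

# Compare the public IP seen directly and through the tunnel.
# Assumes curl is installed and that $url returns the caller's IP as text.
# --socks5-hostname hands the host name to the proxy, so the DNS lookup
# also travels through the tunnel instead of the insecure network.
# Returns 0 if the two answers differ, 1 if they match, 2 on a curl error.
check_tunnel() {
    port=$1; url=$2
    direct=$(curl -s --max-time 10 "$url") || return 2
    tunneled=$(curl -s --max-time 10 --socks5-hostname "127.0.0.1:$port" "$url") || return 2
    echo "direct:   $direct"
    echo "tunneled: $tunneled"
    [ -n "$tunneled" ] && [ "$direct" != "$tunneled" ]
}

# Usage (run the printed command in one terminal, the check in another):
#   tunnel_cmd 8080 bob example.com
#   check_tunnel 8080 http://whatismyip.org
```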

Namaste !!!

2 comments:

takizo said...

can I go to ipchicken to check my IP?

monkey said...

Takizo,
Sure, you can check your IP @ http://www.ipchicken.com/ . Thanks for the tips. :)