SSH Tunnel + SOCKS Proxy Forwarding = Secure Browsing December 8, 2006Posted by Carthik in applications, commands, guides, servers, ubuntu.
When you are at the coffee shop, or at a conference, and you are not sure that you want to send all your data over the wi-fi network in plaintext, you want a secure tunnel to browse. This happened to me recently and I stumbled across a neat feature of openssh (the ssh client on everyone’s computer). The wonders of ssh never cease to amaze me!
You can use the “-D” flag of openssh to create a SOCKS proxy.
The command first:
$ssh -D 9999 username@ip-address-of-ssh-server
This of course connects you to the server specified by “ip-address-of-ssh-server”. Needless to say, you (username) must have an ssh account on the server. In addition, this will create a SOCKS proxy on port “9999” of your computer. This is a tunnel to the server. Now all you have to do is set the preference in Firefox to use a SOCKS proxy. The proxy is, of course, “localhost”, with the port 9999.
Now when you browse, all the connections you make to websites will seem to originate from the server to which you SSH-ed. In addition, all outgoing and incoming data for the browsing session will be encrypted since it passes through the SSH connection.
You can misuse this technology to circumvent paranoid browsing firewalls, even to pretend you are wherever your ssh server is located – so you can work around country-based blocks etc. I use it for the very unromantic reason that I don’t want some aspiring cracker to sneak up on me when I am in public.
- Kees Cook tells us how to tunnel DNS lookups, so snoopy folks can’t even figure out what your are browsing, and the evil ones can’t DNS-phish you
- Don McArthur points out his excellent article that addresses the same issue
- verevi says the FoxyProxy extension will make things easier for you on the Firefox side of things
Thanks a lot for the tips and pointers, folks.