Revision of Private Internet browsing via SSH. from Mon, 09/03/2007 - 15:53

Ever found yourself in a public place, wanting to use the internet, but scared of privacy issues? Well, this is the solution.

If you have a home machine running Ubuntu (or pretty much any Linux distro), you can download and install an SSH server, which allows you to effectively "dial in" through a secure tunnel from another machine.

On the server. (assuming Ubuntu)

The commands to type are on their own lines.

Open gnome-terminal / Konsole / your CLI program of choice.

sudo apt-get install openssh-server
(This installs the actual server part of SSH.)

*If you are happy with SSH running on port 22, skip this part.*

sudo gedit /etc/ssh/sshd_config
(This opens the SSH config file in a text editor.)

Inside the file, look towards the top for "Port 22" and change the '22' to the port you wish SSH to run on. Personally I run mine on port 443, as most public/private Wifi has port 443 available for use.
When you are happy, save the file and close gedit.

sudo /etc/init.d/ssh restart

 

A Quick Note about Firefox (Linux and Windows)

Firefox, on Linux or Windows, has DNS leakage. When you set a proxy in Firefox, it will receive the page content (i.e. text, images, video) via the proxy, but the DNS requests go via the standard connection. If this is not fixed, other users on the network can see what websites you are visiting via the DNS requests. Here is how to fix it in Linux and Windows (and most likely OS X).

Open Firefox and in the address bar type
about:config
and hit Enter.
On the screen that appears, use the built-in search to find
network.proxy.socks_remote_dns
and double-click it so it says "true" on the right-hand side.
There, DNS leakage has been fixed.

 

On A Linux Client.

At this point I should really explain what the overall process is. OpenSSH has a SOCKS (5) proxy built in; when it is forwarded, the user can browse the Internet THROUGH the secure tunnel, which makes browsing a LOT more (if not totally) private.

OK, on the client, open up a CLI (gnome-terminal, Konsole, or my favourite for this, Yakuake) and type the following:

(for users using port 22)
ssh -D 7070 username@IP-OR-DOMAIN
(for users who changed their port)
ssh -p PORT -D 7070 username@IP-OR-DOMAIN

Now open Firefox, go to Edit - Preferences - Advanced - Network (tab) and hit "Settings" under 'Connection'.

Select "MANUAL" and in the bottom entry box, "SOCKS host", enter 127.0.0.1, and in the port box enter 7070.
Push OK and close the other box. Now try to browse the internet; if it works, you have successfully tunnelled your connection.
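
One way to confirm from the command line that Firefox is set up as described above (SOCKS host 127.0.0.1, port 7070, and the DNS fix from the Firefox note). This is an added example, not part of the original howto; it assumes Firefox saves changed about:config values as user_pref(...) lines in the profile's prefs.js, and the function names pref_value and audit_firefox_socks are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original howto): audit a Firefox prefs.js for the
# SOCKS settings described above. Assumes changed about:config values are stored
# as user_pref("name", value); lines and that an absent entry was never changed.
# Exit status: 0 tunnelled + remote DNS, 1 DNS leak, 2 not using tunnel, 3 unreadable.

# Print the value of one preference (quotes stripped); empty if not present.
pref_value() {  # $1 = prefs file, $2 = preference name
    awk -v key="user_pref(\"$2\"," '
        index($0, key) == 1 { v = substr($0, length(key) + 1) }  # last entry wins
        END { sub(/^[ \t]*/, "", v); sub(/\);[ \t\r]*$/, "", v)
              gsub(/"/, "", v); print v }' "$1"
}

audit_firefox_socks() {  # $1 = prefs file, $2 = expected SOCKS port (default 7070)
    prefs=$1
    want_port=${2:-7070}
    [ -r "$prefs" ] || { echo "cannot read $prefs" >&2; return 3; }
    ptype=$(pref_value "$prefs" network.proxy.type)
    host=$(pref_value "$prefs" network.proxy.socks)
    port=$(pref_value "$prefs" network.proxy.socks_port)
    rdns=$(pref_value "$prefs" network.proxy.socks_remote_dns)

    # network.proxy.type 1 = "Manual proxy configuration" in the Firefox dialog.
    if [ "$ptype" != 1 ] || [ "$port" != "$want_port" ] ||
       { [ "$host" != 127.0.0.1 ] && [ "$host" != localhost ]; }; then
        echo "NOT TUNNELLED: type=${ptype:-unset} socks=${host:-unset}:${port:-unset}"
        return 2
    fi
    if [ "$rdns" != true ]; then
        echo "DNS LEAK: page traffic uses the tunnel, name lookups do not"
        return 1
    fi
    echo "OK: SOCKS $host:$port with DNS resolved through the tunnel"
}

# Constructed sample: proxy set as in the howto, remote DNS never enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 7070);
user_pref("network.proxy.type", 1);
EOF
audit_firefox_socks "$sample" || echo "exit status $?"
rm -f "$sample"
```

Point audit_firefox_socks at the prefs.js inside your own Firefox profile directory, passing the port as a second argument if you did not use 7070.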

 

On a Windows Client.

Windows does not appear to have the ability to use SSH connections built in by default, so the user must download a program that allows this.

PuTTY (or my favourite variant of PuTTY, PuttyTray) allows the user to make an SSH connection and forward internet traffic through it.

Once you have downloaded PuttyTray, open it and put your IP or domain in the HOST NAME box and your port in the PORT box.
On the left-hand menu of PuTTY go to "SSH" (the one with the little + next to it); once that has opened, click 'Tunnels'.
In the new screen there is a "SOURCE PORT" box; in there type 7070 and click Dynamic underneath.
Scroll back up the menu on the left, click Session and in the "Saved Sessions" box type a name to remember the connection by, and hit "Save". Push Open and the connection will open.

Now open Firefox. Go to Tools - Options - Advanced - Network (tab) - Settings. Select MANUAL and set the SOCKS HOST to 127.0.0.1 and the PORT to 7070. Push OK and close the other boxes. Try to browse the internet; if this works, you have successfully routed your internet connection through the SSH tunnel.

Comments

Thanks

Thanks for the howto! Did you write it on your own?

I inserted a teaser, so now the story is not entirely displayed on the frontpage.

 

vpn

Does VPN do the same thing (that is, if you VPN'd to a secure and trusted server instead of SSH'ing to your home computer, would that be safe as well)?

VPN

Yes, VPN does the same job (or can do), but I am not personally familiar with the security of VPN connections.