SSH Tunnel - With SOCKS5 Proxy
An SSH client is usually used to connect securely to a remote machine and to execute commands on it. This time, we are going to use an SSH tunnel as a SOCKS5 proxy on our local machine.
One solution is to use a VPN, though an SSH tunnel used as a SOCKS5 proxy can achieve the same results. A SOCKS5 proxy requires you to configure the application you are using, such as a web browser, to use the proxy server. If all you need to secure is your web browsing, a SOCKS5 proxy tunnel is a simple alternative. A full comparison between a VPN and a SOCKS5 proxy is a large topic; maybe we can cover it later.
Now that the SSH tunnel is up and running, it's time to configure the web browser (Firefox) to use that tunnel. Remember that once the tunnel is established, you still need to configure local applications to use the SOCKS5 proxy.
In this setup, the SOCKS proxy is an SSH-encrypted tunnel down which configured applications forward their traffic; on the server end, the proxy then forwards the traffic to the general Internet. Unlike a VPN, a SOCKS proxy has to be configured on an app-by-app basis on the client machine, but you can set up apps without any specialty client software as long as the app is capable of using a SOCKS proxy. On the server side, all you need to configure is SSH.
In this script, replace the path to Firefox with the one that is appropriate for your system. You may also need to adjust the SSH line to reflect the successful command you used previously to stand up a tunnel.
This will execute sleep 10 and, simply as a side effect, run your tunnel. It creates the tunnel and keeps it alive for 10 seconds. Launch Firefox within these 10 seconds, and the tunnel will be kept alive until Firefox closes its connections; then the ssh tunnel will close automatically and exit.
There's no reason $hostname cannot be B's localhost; it can. In this case B=C. This is pointless when you use this SOCKS proxy with your local browser (A=B=C) but if you allow connections from the outside then it makes perfect sense. I guess this is what you want to do. The command may be:
What you describe is a SOCKS proxy. It is a standalone protocol used by various tools. What OpenSSH does is tunnel this protocol, encrypted, from one point to the other. But more precisely, it is called TCP port forwarding (it forwards one port from the client through the secure tunnel to the server).
People often speak of SSH tunneling as a poor man's VPN. It is exactly the same from a feature and security point of view: you establish a secure tunnel between the client and a relay host and let the communication go unencrypted past the relay. The way the tunnel is established and secured may vary per VPN system, but all serious ones can use standard up-to-date protocols, as can SSH (and all can equally be configured, with some work, to use insecure protocols).
The main difference is in usability. SSH's goal is to establish a secure connection between a client and a host, and it does a nice job of it with clean and neat human interfaces. It can transport additional communications inside its tunnel, but as that is not its main goal, the commands are not really straightforward. A VPN's goal, by contrast, is to provide transparent relaying of various protocols, so it is much easier to use for that purpose.
This means that you can use this to tunnel all of your software to make it appear as if everything is running from your remote server (even programs that don't have native support for proxying). Again, you should be able to google "what is my ip" and have it display the remote server's IP address.
Some people say that SSH is a poor man's VPN. I would strongly disagree, and say instead that SSH is a more surgical method of tunneling specific traffic for people who understand what they are doing. Whereas VPN is like tunneling with dynamite ... you will get a tunnel, but it is sometimes the wrong tool for the job.
Alternatively, if you have SSH access to your work's network ... you can tunnel just your email and set up a SOCKS proxy. This means that you can still get your email, and use one browser for business stuff (e.g. Chrome) and another browser for viewing cat pictures (e.g. Firefox).
Not only does this securely tunnel my DNS requests and online banking past my ISP's prying eyes (once you direct your browser to use it), but instead of taking over my full machine's IP stack like a VPN, I can tunnel just the apps I want to (e.g. run Chrome for my SOCKS5 banking, and Firefox (direct home network) for printing to my wireless LAN HP LaserJet). Any other apps that don't have SOCKS5 settings (or that I just don't want to mess with) can be "wrapped" to run through my SOCKS5 tunnel by using proxychains as a wrapper. VERY powerful and handy app.
Accessing the web interfaces of the applications running on our application servers is fine while working on premise. However, when I work from home I need to create an SSH tunnel through the bastion server and then use Chrome's SOCKS5 proxy to direct requests through the SSH tunnel.
At work we are all using Windows 7+, with full administrative privileges. Each PC has a dedicated IP and a proxy is used. It is set as an HTTP proxy and the option to use this for all types of connections is checked.
I have at home a "ddwrt" router with an SSH server. I use PuTTY to establish an SSH connection to my home router using port 443. PuTTY is configured for SOCKS5 proxy tunnelling, and Firefox is enabled to send DNS requests over SSH, and Chrome also (I checked dnsleaktest, and my home-configured Google public DNS is used, not the company one, so no DNS leaks here). I had to set the company proxy in PuTTY to have access to the Internet.
Everything is working fine, and I think I'm safe on this, but the proxy I had to set in PuTTY bothers me a little, as I'm not sure whether that proxy can see the traffic that comes from PuTTY. Or is the connection still encrypted even though it goes over the company proxy, given that the SOCKS5 tunnel is established through the company proxy?
As for the corporate proxy, it works as it would work for SSL: the browser sends a "CONNECT" order to the proxy, with a target name and port, and asks the proxy to propagate bytes in both directions. In your case, the corporate proxy believes that it is forwarding some SSL connection, but in fact this is some SSH. The proxy is still "on the outside" cryptographically speaking; it won't see the data, and, in particular, it won't even know which sites you are browsing. The corporate proxy sees one quite busy connection, between your desktop system and your home router.
First, you must have ssh access to the remote machine you want to proxy to. It can be a home machine or a free shell you signed up for online. You must also make sure you can ssh from where your browser is to where you want to tunnel to. There is no point in setting this up if port 22 is not open to you from your location to your destination.
You need to configure Firefox to use the proxy. Find the section to add a proxy to the browser. In Firefox on *nix systems you will find the settings in File, Preferences, Advanced, Network, Settings. The default setting is "Direct Connection to the Internet". We need to set up the "Manual proxy configuration". You have two options to pick from. You can proxy directly to the remote machine and then connect directly to web sites. This is the SOCKS5 method and is the easiest to set up. Or, you could use a Squid web proxy (if available) on the remote machine to accept the traffic from the ssh tunnel. Squid would then request the traffic from web sites. Pick one of the options below.
Option 1: ssh and direct connect (SOCKS5): If you are going to use the ssh tunnel with the option "-D 8080", then you need to set up the browser to use a SOCKS5 proxy. Fill in the proxy config page with the following entries and leave the rest of the entries blank.
Manual proxy configuration:
  SOCKS Proxy: 127.0.0.1  Port: 8080
  Check the box for "SOCKS v5"
Option 2: ssh tunnel to squid proxy (HTTP/SSL Proxy): If you are going to use the ssh tunnel with the option "-L 8080:localhost:2020" to connect to the remote machine's Squid proxy, then configure the browser to use an HTTP/SSL proxy. Fill in the proxy config page with the following entries and leave the rest of the entries blank.
Manual proxy configuration:
  HTTP Proxy: 127.0.0.1  Port: 8080
  SSL Proxy: 127.0.0.1  Port: 8080
This step is optional, but since we are going to be proxying the data over the ssh tunnel, we should proxy the DNS requests as well. The purpose of this exercise is to get to a site we might not otherwise be able to retrieve, or just to anonymize our browsing from our location. If we tunneled our data through ssh and then asked the local DNS server for the IPs, it would defeat the purpose. So, add a boolean option on the "about:config" page in Firefox. Name the entry "network.proxy.socks_remote_dns" and set it to true.
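What the remote DNS setting changes is visible in the SOCKS5 request itself: with it on, the browser hands the hostname to the proxy; with it off, it resolves the name locally and sends only an IP address. The Python sketch below is an added example, not part of the original tutorial; it parses a SOCKS5 CONNECT request as laid out in RFC 1928 and reports which case it is. The function names and the two sample requests are constructed for illustration.

```python
import ipaddress
import struct

# SOCKS5 address types (RFC 1928)
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def parse_socks5_request(data: bytes):
    """Parse VER CMD RSV ATYP DST.ADDR DST.PORT; return (cmd, atyp, host, port)."""
    if len(data) < 5:
        raise ValueError("truncated request")
    ver, cmd, rsv, atyp = data[:4]
    if ver != 5 or rsv != 0:
        raise ValueError("not a SOCKS5 request")
    if atyp == ATYP_IPV4:
        start, addr_len = 4, 4
    elif atyp == ATYP_IPV6:
        start, addr_len = 4, 16
    elif atyp == ATYP_DOMAIN:
        start, addr_len = 5, data[4]  # one length byte precedes the name
    else:
        raise ValueError(f"unknown ATYP {atyp:#x}")
    end = start + addr_len
    if len(data) != end + 2:
        raise ValueError("length does not match ATYP")
    raw = data[start:end]
    if atyp == ATYP_DOMAIN:
        host = raw.decode("ascii")
    else:
        host = str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[end:])
    return cmd, atyp, host, port


def dns_resolved_by_proxy(data: bytes) -> bool:
    """True when the client sent a hostname, so no local DNS lookup took place."""
    return parse_socks5_request(data)[1] == ATYP_DOMAIN


# Constructed CONNECT requests for example.com:443 (port 443 = 0x01bb).
# REMOTE is what a client sends with remote DNS on; LOCAL is what it sends
# after resolving the name itself (192.0.2.10 is a documentation address).
REMOTE = b"\x05\x01\x00\x03" + bytes([11]) + b"example.com" + b"\x01\xbb"
LOCAL = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + b"\x01\xbb"

if __name__ == "__main__":
    for label, req in (("remote DNS", REMOTE), ("local DNS", LOCAL)):
        print(label, parse_socks5_request(req), dns_resolved_by_proxy(req))
```

A request of the LOCAL kind means the name was looked up outside the tunnel before the connection was made, which is the leak the setting is meant to prevent.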
Option 2: ssh to squid proxy (HTTP/SSL Proxy): The following line will also start the ssh client and connect to username@remote_machine.com. Port 8080 on localhost (127.0.0.1) on the current machine will listen for requests and tunnel them over ssh to the remote machine. On the remote machine, ssh will forward the packets to localhost port 2020. If squid is listening on localhost port 2020 on the remote machine, then all requests sent through the ssh tunnel will be forwarded to squid. You can use squid to block ads and speed up web access. If you need assistance with squid, check out the Calomel.org Squid "how to" page.
  ssh -C2qTnN -L 8080:localhost:2020 username@remote_machine.com
Once you execute the ssh line, the encrypted and compressed ssh tunnel will be active in the xterm. We used the "quiet" options in ssh, so there will not be any logging or output to the terminal.
Make sure Firefox is working by checking that the proxy is active, and then try to go to a web page. You can also try a site like WhatIsMyIp.com to verify that the IP you have with the proxy is different from the one you have without it.