SSH Tunneling In Windows

SSH tunneling is done over an SSH connection, and its purpose is to allow traffic to pass securely (encrypted) through that tunnel to a remote destination. SSH tunneling can be used for:
- securely accessing sensitive web resources. This is very useful for accessing admin panels over wireless networks, for example. This could be a perfect and better substitute for SSL because you not only prevent sniffing but can also limit the IPs that have access to the sensitive resources to those of the SSH server.
- bypassing ISP restrictions. SSH can be configured to work on any port, so it is easy to avoid firewall filtering. This will allow you to bypass anything from a restrictive company firewall to even the Great Chinese Firewall.
SSH tunneling is similar to using a VPN. However, it can be easier and simpler to set up under most circumstances because:
- Almost every Linux server has SSH and it consumes as few resources as possible;
- Client configuration is very fast and straightforward;
- Reconfiguration is very versatile. You can change servers (IPs), ports and users with the least possible effort.
So to begin, we will need a server with SSH running to which we will connect. You can get such a server from any datacenter / server provider, and you will need no more than 128 MB of RAM with no other special requirements. I recommend RackSpace for the best price / resources ratio, but almost any will suffice.
So once we have a server with SSH running on it, we have to modify its configuration to allow tunnels. This can be done by opening the file /etc/ssh/sshd_config in a text editor and making sure that this line is there:
If the line wasn't there before, you have to add it and restart the SSH server. Next, you might consider adding more users to the system because it is not wise to always connect as the root user.
Next comes the part which confuses most people and makes SSH tunneling unpopular. To make it as practical as possible, we will use a program made especially for tunneling purposes called MyEnTunnel. You can download myentunnel-unicode.zip from here:
Once downloaded, extract it and put it in a directory. Then in that same directory download the file plink.exe from:
That's all the software you will need so let's get started with the local Windows configuration. Open the file myentunnel.exe and fill in the details similarly to this:
Once all the details are filled in, click on Connect. You may adjust some settings to your preference, such as whether the program should connect on startup.
Once the program connects, you have to configure your client programs (a browser, for example) to use it. Let's configure Firefox as an example. Go to Options, Connection settings and specify:
Make sure that you specify a SOCKS Host and not a proxy URL. It will only work this way. In our case we have used port 7070.
Finally, try opening a page in your browser (Firefox in this example) and check what your IP address is. It should be the one from the SSH server.
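If the browser test fails, it helps to check the tunnel itself. The following is an added example, not part of the original article or of MyEnTunnel: a small Python check that speaks the SOCKS5 handshake to the tunnel port, which also shows why the browser entry has to be a SOCKS Host rather than an HTTP proxy. It assumes the tunnel listens on 127.0.0.1 and accepts SOCKS5 without authentication; the function names and the example.com target are placeholders.

```python
import socket
import struct

# SOCKS5 reply codes from RFC 1928, section 6.
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable", 5: "connection refused",
           6: "TTL expired", 7: "command not supported", 8: "address type not supported"}

def greeting():
    # VER=5, NMETHODS=1, METHODS=[0x00 "no authentication"]
    return b"\x05\x01\x00"

def connect_request(host, port):
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3 (domain name): the name is sent
    # to the proxy, so it is resolved at the SSH server end of the tunnel.
    name = host.encode("ascii")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def parse_method_reply(data):
    # A SOCKS5 listener answers the greeting with exactly two bytes: VER=5, METHOD.
    if len(data) != 2 or data[0] != 5:
        raise ValueError("listener did not answer as SOCKS5: %r" % data)
    if data[1] == 0xFF:
        raise ValueError("listener rejected the 'no authentication' method")
    return data[1]

def parse_connect_reply(data):
    # Reply starts VER, REP, RSV, ATYP; REP=0 means the tunnel reached the target.
    if len(data) < 4 or data[0] != 5:
        raise ValueError("malformed SOCKS5 reply: %r" % data)
    return REPLIES.get(data[1], "unknown reply code %d" % data[1])

def probe_tunnel(dest_host, dest_port, proxy=("127.0.0.1", 7070), timeout=5.0):
    # Port 7070 is the SOCKS port used on this page; 127.0.0.1 is an assumption.
    with socket.create_connection(proxy, timeout=timeout) as s, s.makefile("rb") as f:
        s.sendall(greeting())
        parse_method_reply(f.read(2))
        s.sendall(connect_request(dest_host, dest_port))
        return parse_connect_reply(f.read(4))

if __name__ == "__main__":
    # example.com is a placeholder destination for the check.
    print(probe_tunnel("example.com", 80))
```

A result of "succeeded" means the SOCKS listener is up and the SSH server could reach the destination; a connection error on port 7070 means the tunnel program is not connected.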
The above simple but very secure and stable configuration should give you great flexibility and power for bypassing local network restrictions and securing your traffic.