The Encrypted Network Tunnel

While researching ways of securing a connection between two networks (VPNs, SSH, etc) I kept finding pages that detailed setting up an SSH tunnel to bypass your company’s web browsing policy. And while I don’t condone that activity, there are those of us who’s job it is to prevent it from happening, so best to know how to do it. And there are legitimate reasons to use it. Creating a tunnel changes your origination point – create a tunnel to a machine in a far off land, and your web server will see the far off land as the origination of the request. So, it’s great for testing!

Three Easy Steps

So, let’s setup a tunnel! MAKE SURE YOU ARE ALLOWED TO DO SO then follow these simple steps:

1. Create an SSH Tunnel – Open an ssh connection to a host you are able to login to and specify a port to listen on for a SOCKS tunnel.
   

   ssh -D port hostname

2. Use Your Tunnel as a SOCKS Proxy – Configure your browser to use your local machine (on the same port) as a SOCKS proxy.
   

   Socks Proxy: localhost Socks Port: port from above

3. There is no step 3 – Because a SOCKS proxy is built into SSH, nothing else is needed!

If you can SSH to it, then you can proxy through it

That’s all there is to it. You can now use your local browser as if it was running on the remote machine. Any machine you can SSH to is now part of your test bed. Just to prove how simple it is, I have tested this setup using the rather stripped down environment in my wireless router as the server. It worked perfectly. This setup is equally simple on a Mac (although upgrading to the latest OpenSSH is a good idea) and Windows machines (using PuTTY as your SSH client).