There are probably 1001 posts and presentations written on this topic … however this is a version I wrote to better understand the process as well as be able to reference it in the future. Hopefully you will find it useful as well… If you are interested in using SSH for more nefarious purposes, check out the first video in our NovaHackers ShmooCon Epilogue Videos post where Andrew Morris presents “Ruining Security Models with SSH” starting at 3:25:20 for several other tricks. The presentation continues into the second video.
Now on to just the basics…
Get access to a remote service that provides SSH. If you already have a website, you may be in luck, as most services offer SSH access for free or for a nominal upgrade. Otherwise you could just pay a one-time fee of $10 or so to try this out. If you are familiar with AWS you can also set up a basic Linux server for free or super cheap (think under $1) to try this.
Next, figure out your current Internet-viewable IP address to use as a baseline comparison after your SSH tunnel is set up. You could use a service like WhatIsMyIP.org or my current fav SpeedTest.net to determine this.
Setup Local Proxy
If you have a computer with console SSH access, just enter the following command to log into your provider. “-D” specifies the port of the local proxy to listen on. This value is what you’ll use as the port in your browser’s proxy configuration. The “user” field is just your username at the remote provider and “ip” is the IP address of this remote host. You could replace this field with your service’s domain name but I prefer to use IP addresses when possible to prevent any DNS trickery.
ssh -D 8080 user@ip
Assuming you’ve logged into this account before, you’ll just need to enter your password. If you haven’t, the console will also prompt you to verify the authenticity of your server’s RSA key fingerprint. It may be worth documenting this fingerprint from a known safe network (e.g., not when at Defcon) for verification when connecting at your local Starbucks.
If you don’t have a computer with command line SSH available (e.g., Windows by default), you can use OpenSSH in Cygwin as an option or just use PuTTY. The nice thing about PuTTY is that you can usually execute it without admin privileges. Just download it here and start it up. To configure it to act as a local proxy, navigate to the Connection > SSH > Tunnels area. For the Source Port value enter 8080 as above and for Destination enter localhost. Next, choose the Dynamic radio button, verify Auto is selected below that, and press the Add button.
Back in the Sessions configuration area, enter your remote SSH IP and optionally save this as a session so you can easily return to it. Finally, hit Open to connect to your remote server and log in as above with your username and password.
Configure Browser to Use Proxy
Next, you’ll need to set your browser to use the local proxy by configuring the SOCKS option. I use Firefox on Mac so I’ll describe that here. If this isn’t your setup, these instructions may differ slightly. Open your Preferences and navigate to Advanced -> Network. Select the Settings button and enter localhost and port 8080 for all the fields. Additionally, to ensure that ALL browser traffic goes through the proxy, you may need to remove items from the exceptions list as well. Apply the settings and you’re basically done.
If you are extra paranoid you may also want to configure your browser to perform DNS lookups through the proxy. By default Firefox still uses your local OS settings for name resolution. To change this configuration, enter about:config in the URL address bar and click through the warning. Search for network.proxy.socks_remote_dns and set it to true. This makes the SOCKS proxy more like a regular proxy, where DNS is handled by the remote end of the tunnel.
Verify Remote Site In Use
Any other suggestions for improving the use of SSH as a proxy? Let us know in the comments below. Today’s post pic is from UnixAdminGuide. See ya!