HOWTO – SSH Proxy 101

There’s probably 1001 posts and presentations written on this topic … however this is a version I wrote to better understand the process as well as be able to reference it in the future. Hopefully you will find it useful as well… If you are interested in using SSH for more nefarious purposes, check out the first video in our NovaHackers ShmooCon Epilogue Videos post where Andrew Morris presents “Ruining Security Models with SSH” starting at 3:25:20 for several other tricks. The presentation continues into the second video.

Now on to just the basics…

Preparation

Get access to a remote service that provides SSH. If you already have a website, you may be in luck as most services offer SSH access for free or a nominal upgrade. Else you could just pay a one-time fee of $10 or so to try this out. If you are familiar with AWS you can also setup a basic Linux server for free to super cheap (think under $1) to try this.

Next, figure out your current Internet-viewable IP address to use as a baseline comparison after your SSH tunnel is setup. You could use a service like WhatIsMyIP.org or my current fav SpeedTest.net, to determine this.

Setup Local Proxy

If you have a computer with console SSH access, just enter the following command to log into your provider. “-D” specifies the port of the local proxy to listen on. This value is what you’ll use as the port in your browser’s proxy configuration. The “user” field is just your username at the remote provider and “ip” is the IP address of this remote host. You could replace this field with your service’s domain name but I prefer to use IP addresses when possible to prevent any DNS trickery.

ssh -D 8080 [email protected]

Assuming you’ve logged into this account before, you’ll just need to enter your password. If you haven’t, the console will also prompt you to verify the authenticity of your server’s RSA key fingerprint. It may be worth it documenting this fingerprint from a known safe network (e.g., not when at Defcon) for verification when connecting at your local Starbucks.

If you don’t have a computer with command line SSH available (e.g., Windows by default), you can use OpenSSH in Cygwin as an option or just use Putty. The nice thing about Putty is that you can usually execute it without admin privileges. Just download it here and start it up. To configure it to act as a local proxy navigate to the Connection > SSH > Tunnels area. For the Source Port value enter 8080 as above and for Destination enter localhost. Next, choose the Dynamic radio button, verify Auto is selected below that, and press the Add button.

Back in the Sessions configuration area enter your remote SSH IP and optionally save this as a session so you can easily return to it. Finally hit Open to connect to your remote server and log in as above with your username and password.

Configure Browser to Use Proxy

Next, you’ll need to set your browser to use the local proxy by configuring the SOCKS option. I use Firefox on Mac so I’ll describe that here. If this isn’t your setup, these instructions may differ slightly. Open your Preferences and navigate to Advanced -> Network. Select the Settings button and enter localhost and port 8080 for all the fields. Additionally to ensure that ALL browser traffic goes through the proxy, you may need to remove items from the exceptions list as well. Apply the settings and you’re basically done.

If you are extra paranoid you may also want to configure your browser to perform DNS lookups through the proxy as well. By default Firefox still uses your local OS settings. To change this configuration enter about:config in the URL address bar and click through the warning. Search for network.proxy.socks_remote_dns and set it to true. This makes the SOCKS proxy more like a regular proxy, where DNS is handled by the remote end of the tunnel.

Verify Remote Site In Use

To verify the browser is using the proxy go back to WhatIsMyIP.org or SpeedTest.net and check that it now lists the IP address of your remote SSH server.

#####

Any other suggestions for improving using SSH as a proxy? Let us know in the comments below. Today’s post pic is from UnixAdminGuide. See ya!

7 comments for “HOWTO – SSH Proxy 101

  1. February 28, 2013 at 3:19 pm

    BLOGGED: How-To: SSH Proxy 101 http://t.co/ucqU71TpFw

  2. February 28, 2013 at 4:00 pm

    When using PuTTY, don’t forget to go to “Connection | Proxy” and set “Do DNS Lookup at Proxy End” to “Yes”. Otherwise, your lookups will fall outside of the tunnel. ( Which could lead to big trouble, obviously. )

  3. February 28, 2013 at 4:28 pm

    pboin: Nice catch! Thanks…

  4. May 3, 2014 at 6:30 pm

    Best Of: HOWTO – SSH Proxy 101 http://t.co/60xFNOUs9V

  5. February 5, 2015 at 4:10 pm

    Best Of: HOWTO – SSH Proxy 101 http://t.co/60xFNPbvbV

  6. February 11, 2015 at 7:08 am

    Best Of: HOWTO – SSH Proxy 101 http://t.co/60xFNOTUkn

  7. February 11, 2015 at 7:08 am

    Best Of: HOWTO – SSH Proxy 101 http://t.co/60xFNOTUkn

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.