Magical SSH Tunnel Solution

(1) Install Cygwin (http://www.cygwin.com) on your Windows box (the one you wish to obfuscate from prying eyes). Make sure you install ssh and openssl. I am 99% sure both of these are installed by default.

(2) Create a script containing the following (either use vi and paste the following in or create the file in Notepad and move the file to C:\cygwin\bin) and name it ssh-tunnel.

The 8181 sets up your local port for the proxy (what your local browser will connect to). I had to use 8181 since both 80 and 8080 were in use by various servers on my machine. The -C sets up compression, the -v makes the session verbose (which I like for debugging purposes).

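#!/bin/sh
# -C compress, -2 SSH protocol 2, -T no terminal, -N no remote command,
# -v verbose, -D 8181 local SOCKS listener on port 8181
/bin/ssh -C2TN -v -D 8181 user@domain.com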


(3) On the client side, the solution works best with Firefox since it has a nice Add-On called Multiproxy. Download and install Multiproxy in Firefox. Using Multiproxy, create a SOCKS 5 (ONLY! Not http or https) proxy at 127.0.0.1 port 8181 (or whatever you changed the port to in step 2).

The only limitation is that when you use Multiproxy it changes the proxy for all of your open sessions/tabs/windows. So if you are accessing an internal-only site with Firefox, you will lose that connection. Just for this reason I do all my internal surfing/web app-ing in IE and then my external stuff in Firefox. But I know not everyone's circumstances can be this flexible. Even with that limitation this is a better solution than either IE or Chrome. Both use the Windows Internet Control Panel proxy, which cannot be quickly/easily switched (though I imagine you could write a VBS to flip the proxy on and off).

(4) Fire up a Cygwin terminal and execute ssh-tunnel. You will see some output and shortly be prompted for the shell password of your remote account. Type it in. The tunnel should output some debug information and wait for your browser connection. You have to keep this Cygwin window open! If you find the output annoying, you can minimize the window. If you want to minimize the output, remove the -v verbose option, and you can run ssh-tunnel & which should return you to a prompt after you provide a password.

(5) Switch Multiproxy to use your internal proxy (I named mine SSH).

(6) Connect to something naughty.

The benefits of this are many. To any snooping administrators on your network, all they see is an SSH connection on the network. Even companies that don't monitor the content of your HTTP/browsing connections will likely see, monitor and log things like the URLs you connect to and at what times.

You can route other services through this tunnel, anything that is SOCKS 5 friendly. I personally use it to connect to Google Talk/Google Chat using the Pidgin client. Again, a local network administrator doesn't even know which services I am routing through the tunnel, be it my browser, a chat client or even an X Term or Remote Desktop session home.
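What that single SSH connection looks like from the network side, as an added example that is not part of the original page: the content and the tunneled services are hidden, but the flow's duration, volume and direction are not. The record layout, the thresholds and the port-22 filter are assumptions, and the flow records are constructed.

```python
# Added example: record layout and thresholds are assumptions, not from the page.
from dataclasses import dataclass

@dataclass
class Flow:
    src: str        # internal client
    dst: str        # remote server
    dport: int      # destination port
    seconds: int    # flow duration
    bytes_out: int  # client -> server
    bytes_in: int   # server -> client

# Constructed sample flow records (documentation address ranges).
FLOWS = [
    Flow("10.0.4.17", "203.0.113.20", 22, 180, 40_000, 95_000),            # short admin login
    Flow("10.0.4.22", "198.51.100.7", 22, 240, 310_000_000, 900_000),      # scp upload
    Flow("10.0.4.31", "192.0.2.55", 22, 21_600, 6_500_000, 410_000_000),   # all-day, download-heavy
    Flow("10.0.4.31", "192.0.2.80", 443, 21_600, 2_000_000, 300_000_000),  # HTTPS, not SSH
    Flow("10.0.4.40", "203.0.113.9", 22, 30, 200_000, 80_000_000),         # git fetch: big but brief
]

MIN_SECONDS = 3600         # assumption: a browsing tunnel stays up for hours
MIN_BYTES_IN = 50_000_000  # assumption: browsing pulls tens of MB
MIN_IN_OUT_RATIO = 5.0     # assumption: web traffic is mostly download

def tunnel_reasons(f: Flow) -> list[str]:
    """Return the heuristics an SSH flow matches (empty list = none)."""
    if f.dport != 22:
        return []
    reasons = []
    if f.seconds >= MIN_SECONDS:
        reasons.append("long-lived")
    if f.bytes_in >= MIN_BYTES_IN:
        reasons.append("high inbound volume")
    if f.bytes_out and f.bytes_in / f.bytes_out >= MIN_IN_OUT_RATIO:
        reasons.append("download-heavy")
    return reasons

def suspected_tunnels(flows):
    """Flows that match all three heuristics at once."""
    return [f for f in flows if len(tunnel_reasons(f)) == 3]

if __name__ == "__main__":
    for f in suspected_tunnels(FLOWS):
        print(f"{f.src} -> {f.dst}:{f.dport} {f.seconds}s in={f.bytes_in} out={f.bytes_out}")
```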

At this point I set my Firefox Privacy options to Automatically start Firefox in a private browsing session. With this enabled no history, cookies, download history or form history is saved locally. While of course there are ways for your machine to be intruded upon (your work machine is not YOUR machine) you are surfing with much more comfort.

fuerstma@gmail.com
nerdstuff.net - Home of Matt Fuerst