How to create an SSH Tunnel for Proxy to a Linux Server
CHUONG K. NGUYEN – BSc., MCSEx2, MCSAx2, MCP, MCTS, MCITP, CCNA
In this guide I will show you how to utilize a proxy server through an SSH Tunnel. The server accepting the SSH connection will be a Linux Server running SSHD.
- A Linux router running SSHD.
- Computer 1 running Windows with Putty and PuttyGen (Full Putty Package).
- SOCKS enabled application such as Firefox.
1/ Generate RSA Key Pair
On Computer 1, perform the following:
Download Full Putty Pack.
Run PuttyGen.exe to generate an RSA key pair with or without a passphrase. Using a passphrase is more secure, but you will need to enter it every time you connect to the tunnel. For the purpose of this lab, we will not use a passphrase.
Save the private key as MyRSAKey.PPK. This private key will be used on this computer later.
Copy the contents of the “Public key for pasting into OpenSSH authorized_keys file” box.
Temporarily paste what you copied into Notepad.
2/ Configure the Linux Server
Paste the public key (from Notepad above) into the ~/.ssh/authorized_keys file.
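Step 2 done from a shell on the Linux server, as an added example that is not part of the original guide: it rejects anything that is not a single OpenSSH-format key line and sets the permissions sshd expects. The function name install_pubkey, its optional home-directory argument and the sample key line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): install one public key line
# for SSH login. Usage: install_pubkey KEY_LINE [HOME_DIR]
# HOME_DIR defaults to $HOME; the second argument is an assumption made here
# so the function can be tried against a scratch directory.
install_pubkey() (
    # The body runs in a subshell so umask and exit do not affect the caller.
    key_line=$1
    ssh_dir=${2:-$HOME}/.ssh
    auth_file=$ssh_dir/authorized_keys

    # authorized_keys wants ONE line: "<type> <base64> [comment]".
    # PuTTYgen's "Save public key" button writes a multi-line
    # "---- BEGIN SSH2 PUBLIC KEY ----" file instead, which sshd will not accept.
    case $key_line in
        *'
'*) echo "key must be a single line" >&2; exit 1 ;;
    esac
    case $key_line in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; exit 1 ;;
    esac

    # With StrictModes (the sshd default), keys are ignored when ~/.ssh or
    # authorized_keys is writable by anyone but the owner.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth_file" && chmod 600 "$auth_file" || exit 1

    # Append only if this exact line is not already present.
    grep -qxF -- "$key_line" "$auth_file" || printf '%s\n' "$key_line" >> "$auth_file"
)

# Demo on a throwaway directory with a constructed, non-functional key line.
demo_home=$(mktemp -d)
demo_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructedExampleOnly rsa-key-demo'
install_pubkey "$demo_key" "$demo_home" && ls -la "$demo_home/.ssh"
rm -rf "$demo_home"
```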
3/ Configure The Local Computer
Now we will configure Putty so that the local computer will rely on Putty to establish a tunnel to the remote Linux Server. Start by downloading and installing Full Putty Pack on this computer so that we can use it.
Open Putty, go to Session, enter the public IP address / hostname of your Linux server. The port should be 22. Now save the session.
Click SSH, Auth and browse to the file MyRSAKey.PPK.
Click SSH, Tunnel to make Putty a proxy server. Fill in the information as follows, then click Add. Make sure that a new entry appears in the Forwarded Port area. In this case, it is listed as D80, that is, a dynamic (SOCKS) forward listening on local port 80.
Go to Session and click Save. Then click Open.
When prompted, enter root as user name. No password is needed because we are authenticating using the keys.
4/ Firefox Configurations
Now we need to tell Firefox to rely on Putty for proxy service. Open Firefox, under the Tools menu, click Options, Advanced. Click Network tab, then under Connection, click Settings.
Choose Manual Proxy Configuration. Use the following parameters.
Now we need to tell Firefox to also send DNS requests through the proxy. Without this, a sniffer will not be able to read your traffic, but your DNS requests will still be visible, so it could tell which web sites you are visiting.
In the Firefox browser, type about:config in the URL area. Click I’ll be careful, I promise!
Type network.proxy.socks_remote_dns and double-click the Preference Name to turn the Value to true.
Open Firefox and check your public IP address. It should be that of the Linux Server.
This means that every time you use Firefox, the proxy will kick in. You can use FoxyProxy or Proxy Switchy! to switch proxy usage on and off easily (or even automatically).
5/ FoxyProxy Configurations
In this guide, I will show you how to use FoxyProxy. First, we need to clear the proxy settings that we configured earlier. In Firefox, click Tools, Options, Advanced, Network tab, Settings…
Ensure that No Proxy is selected.
Go to the web site https://getfoxyproxy.org.
Click free download.
Click Add to Firefox.
Wait for a few seconds…
Click Restart Now to restart Firefox.
After Firefox restarts, click the FoxyProxy button in the standard toolbar.
Click Add New Proxy.
Configuration of the new Proxy is as follows:
In Global Settings tab, make sure to set the left mouse click to Cycle through modes.
Click the FoxyProxy icon to activate it; the browsing traffic will then go through the SSH tunnel.
Click it again to stop sending traffic through the tunnel. Remember that the SSH connection must remain connected for all of this to work.