How to create an SSH Tunnel for Proxy
CHUONG K. NGUYEN – BSc., MCSEx2, MCSAx2, MCP, MCTS, MCITP, CCNA
Imagine this: you bring your own laptop to a coffee shop, utilize its WIFI to browse the Internet and check the balance of your bank accounts. The traffic is not encrypted even if the WIFI access point is locked. Anyone who has a sniffing tool can read your bank account information.
One way to overcome this issue is to utilize a proxy server through an SSH Tunnel. In this guide, I will show you how to do just that.
You’ll need:
- Router running DD-WRT or Tomato.
- Computer 1 running Windows with Putty and PuttyGen (Full Putty Package).
- Computer 2 (laptop) to bring to Coffee Shop.
- SOCKS enabled application such as Firefox.
On Computer 1, perform the following:
Download Full Putty Pack.
Run PuttyGen.exe to generate an RSA key pair with or without a passphrase. Using a passphrase is more secure, but you will need to enter it every time you connect to the tunnel.
Save the private key as MyRSAKey.PPK.
Copy the “Public key for pasting into OpenSSH authorized-keys files” to Notepad.
Repeat the key generation process for every device to be used remotely at the Coffee Shop.
2/ Configure DD-WRT or Tomato Router (this is the Home Router)
The SSH server will be enabled on this router. Every time you are at the Coffee Shop using its insecure WIFI, a tunnel is created from the Coffee Shop to your home router, and your web traffic traverses this tunnel before going out to the Internet.
Configure the home router using the following parameters:
Remote Port: 10022
Local Port: 22
Do not allow Password Logon
Then paste the public key (from Notepad above) into the authorized_keys section.
3/ Configure laptop
Now we will configure the laptop (the device that we will be bringing to the Coffee Shop). Start by downloading and installing Full Putty Pack on this computer so that we can use it.
Open Putty, go to Session, enter the public IP address of your home router. The port should be 10022. Now save the session.
Click SSH, Auth and browse to the file MyRSAKey.PPK.
Click SSH, Tunnel to make Putty a proxy server. Fill in the information as follows, then click Add.
Go to Session and click Save. Then click Open.
When prompted, enter root and the passphrase if you enabled it.
4/ Firefox configurations
Now we need to tell Firefox to use Putty for proxy. Open Firefox, click Tools, Options, Advanced. Click Network tab, then under Connection, click Settings.
Choose Manual Proxy configuration. Use the following parameters.
Now we need to tell Firefox to also use the proxy for DNS requests.
In the Firefox browser, type about:config. Click I’ll be careful, I promise!
Type network.proxy.socks_remote_dns and double-click the Preference Name to turn the Value to true.
This means that every time you use Firefox, the proxy will kick in. You can use FoxyProxy or Proxy Switchy! to switch proxy usage on and off easily (or even automatically).
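To check the tunnel and see what the network.proxy.socks_remote_dns setting changes on the wire, here is an added example (not part of the original guide) that speaks SOCKS5 to the Putty proxy the way a browser with remote DNS does. It assumes Putty's dynamic forward listens on 127.0.0.1:1080; the function names and that port are assumptions, so substitute the port you entered in Putty.

```python
import ipaddress
import socket
import struct

# Assumption: Putty's dynamic forward listens on 127.0.0.1:1080 (use the port you entered).
PROXY = ("127.0.0.1", 1080)


def socks5_connect_request(host, port, remote_dns=True):
    """Build a SOCKS5 CONNECT request (RFC 1928) for host:port.

    remote_dns=True sends the hostname itself (ATYP 0x03), so the name is
    resolved at the far end of the tunnel. remote_dns=False resolves it on
    this machine first, which puts a DNS query on the local network.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is None and remote_dns:
        name = host.encode("idna")
        addr = b"\x03" + bytes([len(name)]) + name
    else:
        if ip is None:
            ip = ipaddress.ip_address(socket.gethostbyname(host))  # local lookup
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    # VER=5, CMD=1 (CONNECT), RSV=0, then address and big-endian port
    return b"\x05\x01\x00" + addr + struct.pack(">H", port)


def check_tunnel(host, port=443, proxy=PROXY, timeout=5.0):
    """Return True if the SOCKS5 proxy reaches host:port using remote DNS."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(b"\x05\x01\x00")  # greeting: offer one method, "no auth"
        if s.recv(2) != b"\x05\x00":
            return False
        s.sendall(socks5_connect_request(host, port))
        reply = s.recv(10)  # VER, REP, RSV, ATYP, BND.ADDR, BND.PORT
        return len(reply) >= 2 and reply[0] == 5 and reply[1] == 0


if __name__ == "__main__":
    try:
        ok = check_tunnel("example.com")
    except OSError as exc:
        ok = False
        print("proxy not reachable:", exc)
    print("tunnel working with remote DNS:", ok)
```

With remote DNS the hostname appears only inside the encrypted tunnel; without it, the lookup happens on the Coffee Shop network before the tunnel is used.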