I love SSH tunnels. I use them as a cheap VPN solution when traveling, and if I need to get access to an internal web server on the inside of a network (assuming the network isn’t separated). As an example, I have 2 computers at home which I use daily for development, etc. When traveling, I have a laptop that I use. Well, I use VirtualBox at home, since the computers there have plenty of RAM to support it, where my laptop isn’t as VM friendly (its old, but has served me well, and will continue to do so until it croaks.), so I needed a way to access my applications running on the VM while on the go. Enter SSH tunnels. SSH tunnels work by opening a port over which traffic can flow to the remote location. Using ‘dynamic ports’, you get a SOCKS proxy.
You create SSH tunnels using:
ssh -D 8080 username@remote_server
Which opens port 8080 on the local machine. Then, you can configure your browser of choice to use a SOCKS v5 Proxy at 127.0.0.1:8080. Specifically in Firefox, make sure that none of your other proxy settings are set.
It should look like the following:
Now, you can check the IP address for your connection by visiting a site like: http://www.whatsmyip.org/
August 27th, 2010 at 10:02 am
No, that will not get the job done by itself. When I travel to China I use a personal VPN, to unblock web sites and make sure all my data is securely encrypted out of country. Since the VPN encrypts the network connection I’m not worried about Java and Flash leaking information or my email getting hacked.
August 27th, 2010 at 10:10 am
Hi – I can’t _quite_ tell if this is a spam comment for a personal VPN solution, but I’ll reply for others here. A SOCKS proxy does forward traffic over the SSH tunnel, so the traffic is encrypted (via the SSH tunnel), and Java/Flash are still delivered over HTTP so, that traffic will also use the SSH tunnel. Ultimately, yes, a VPN solution is ‘better’, though I would contend that an SSH tunnel is ‘easier’.
Regardless, my purpose in using the SSH tunnels isn’t to circumvent _others_ firewalls / routers, necessarily, but to also punch a hole in my own, so I can access my local network (at home) from the road without exposing anything except an SSH port, which is quite secure.