If you have a laptop, you have surely been in a situation where you need a secure connection while on the move. This matters most when you are at a random hotspot and need to log into a non-secure site (authentication over HTTP) or do not trust the vendor providing the connection. If you have access to a server running SSH, you can use a great feature in OpenSSH to set up a SOCKS proxy and route all your traffic through it. This is very similar to VPN’ing, but you can do it on the fly and don’t need any special client software on your machine.
This is written specifically for Unix-based systems, with some parts even more specific to Gnome. If you are using Mac OS X, Linux or another Unix variant, you can set up the proxy with the commands, but telling your system to use the tunnel may vary. Under Windows there is a way to do all the same things with PuTTY; my apologies for not covering that here. If you are a Windows user and can’t find any good documentation, please let me know and I would be happy to write it up.
Tunnel through the tubes
The very simple way to achieve this is to open up the terminal and log into the server as you would typically but just add the -D argument with a port number to your login:
ssh -D 8080 <user>@<host>
This makes your SSH client listen on local port 8080; anything that you route through that port will be tunneled securely to your SSH server, which then forwards it on to its destination. This is the very basic setup. I have a little script that I use to set up my tunnel, and it looks like this:
#!/bin/bash
ssh -p <host port> -fCND 127.0.0.1:8080 <user>@<host>
Quickly breaking this down:
-p <host port> — I run my SSH daemon on a non-default port to promote security through obscurity; if your server is listening on port 22 then you can ignore this option.
-f — forces ssh to go to the background; I use this with key authentication and run my script with the sudo command.
-C — requests compression of all data (gzip), which can speed up your experience.
-N — does not execute a remote command. This is great because you are logged in, but you can close the window and surf now.
-D 127.0.0.1:8080 — binds a local listening socket to the address 127.0.0.1 on port 8080; this is the SOCKS proxy we will be routing through.
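A stricter take on the tunnel script above, added here as an example and not the author's own script: it builds the same command but refuses a non-loopback bind address, rejects malformed ports and names, and adds OpenSSH's ExitOnForwardFailure option so a failed port bind is not silently ignored. The function names are hypothetical, and the character set accepted for user and host is an assumption.

```shell
#!/bin/sh
# Added example, not the author's script. Function names are hypothetical.

# Succeeds only for a whole number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeeds only for a name ssh cannot mistake for an option (no leading "-",
# no whitespace or shell metacharacters). Assumed character set.
safe_name() {
    case "$1" in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Print the ssh command for the tunnel, or fail with a reason on stderr.
# usage: tunnel_cmd <user> <host> [ssh port] [bind address] [SOCKS port]
tunnel_cmd() (
    user=$1 host=$2 ssh_port=${3:-22} bind=${4:-127.0.0.1} socks_port=${5:-8080}
    safe_name "$user" || { echo "bad user: $user" >&2; exit 1; }
    safe_name "$host" || { echo "bad host: $host" >&2; exit 1; }
    valid_port "$ssh_port" || { echo "bad ssh port: $ssh_port" >&2; exit 1; }
    valid_port "$socks_port" || { echo "bad SOCKS port: $socks_port" >&2; exit 1; }
    # Any other bind address would let everyone on the hotspot use the proxy.
    case "$bind" in
        127.0.0.1|localhost) ;;
        *) echo "refusing non-loopback bind address: $bind" >&2; exit 1 ;;
    esac
    # ExitOnForwardFailure makes ssh exit instead of backgrounding (-f)
    # when the SOCKS port cannot be bound, e.g. because it is already in use.
    echo "ssh -p $ssh_port -o ExitOnForwardFailure=yes -fCND $bind:$socks_port $user@$host"
)

# Build and run the command; the validated values contain no spaces or globs,
# so the unquoted expansion splits into exactly the intended arguments.
start_tunnel() {
    cmd=$(tunnel_cmd "$@") || return 1
    $cmd
}
```

Call start_tunnel <user> <host> <host port> to open the tunnel, or tunnel_cmd with the same arguments to only print the command it would run.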
Tell Gnome to use your Tunnel
You can tell all applications on your system to use this tunnel through Gnome’s network-proxy interface, located under System>Preferences>Network Proxy. Set up the SOCKS proxy there and apply the settings system-wide.
Firefox
Firefox will respect the Network Proxy settings; however, there is one property you can change that makes DNS requests go over the SOCKS proxy as well, instead of to your local DNS server, which may be the router that you don’t trust. Open Firefox and type “about:config” into the address bar to see all of the properties that you can change. Search for DNS and change this one:
network.proxy.socks_remote_dns
Initially it will be set to false, but double-clicking on it will set the value to true. Now you’re good to go.
