Difference between revisions of "Privacy:SSH"
(placeholder for documentation ssh tunneling) |
(a few examples of ssh tunnelling) |
||
| Line 1: | Line 1: | ||
== Introduction == | == Introduction == | ||
| + | * [https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/ SSH tunnelling explained with figures] | ||
| + | * [http://pentestmonkey.net/cheat-sheet/ssh-cheat-sheet SSH cheat sheet] | ||
| + | |||
| + | == Password-less login == | ||
| + | See Linux and Windows > OpenSSH to OpenSSH (ssh2) on this site | ||
* [http://inside.mines.edu/~gmurray/HowTo/sshNotes.html SSH tunnelling] | * [http://inside.mines.edu/~gmurray/HowTo/sshNotes.html SSH tunnelling] | ||
| − | |||
| − | |||
| − | == Use your computer at home to browse and check e-mail == | + | == Use your computer at home to browse the interweb and check e-mail == |
| + | |||
| + | In this example a laptop with Linux is used, a Firefox web browser and Thunderbird for e-mail. | ||
Setting up a SSH tunnel from anywhere (e.g. the hackerspace, a bar, the airport) to your home or another trusted place can help you to | Setting up a SSH tunnel from anywhere (e.g. the hackerspace, a bar, the airport) to your home or another trusted place can help you to | ||
| Line 18: | Line 23: | ||
It looks like you login to your server at home, but you have now created a, so-called, dynamic tunnel (the -D option) to home. | It looks like you login to your server at home, but you have now created a, so-called, dynamic tunnel (the -D option) to home. | ||
9001 indicates the local port on your laptop, me@myhome.nl:22 is the computer you use as a hub. | 9001 indicates the local port on your laptop, me@myhome.nl:22 is the computer you use as a hub. | ||
| + | |||
In your browser you can now use your local 9001 port to tunnel your traffic via your home computer. | In your browser you can now use your local 9001 port to tunnel your traffic via your home computer. | ||
| − | + | ||
| + | Firefox and Thunderbird: Preferences > Network > Configure how Firefox connects to the internet | ||
Choose "Manual proxy configuration" and fill in SOCKS Host: "localhost" and Port: "9001". Leave the other settings blank. | Choose "Manual proxy configuration" and fill in SOCKS Host: "localhost" and Port: "9001". Leave the other settings blank. | ||
You can check before and after you changed this how the internet sees you, e.g. by checking your ip-address with http://www.whatismyip.org/ | You can check before and after you changed this how the internet sees you, e.g. by checking your ip-address with http://www.whatismyip.org/ | ||
| + | |||
| + | In stead of the command above you can configure a shortcut in the .ssh/config file | ||
| + | Host home | ||
| + | Hostname home.nl | ||
| + | DynamicForward localhost:9001 | ||
| + | Port 1022 | ||
| + | User me | ||
| + | ForwardAgent yes | ||
| + | Next time you can setup the tunnel by typing the following command | ||
| + | ssh home | ||
| + | |||
| + | == Reverse tunnel == | ||
| + | See "Reverse Tunnelling with remote port forwarding" here: | ||
| + | * [https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/ Explained with figures] | ||
Revision as of 20:50, 17 August 2013
Contents
Introduction
Password-less login
See Linux and Windows > OpenSSH to OpenSSH (ssh2) on this site
Use your computer at home to browse the interweb and check e-mail
In this example a laptop with Linux is used, a Firefox web browser and Thunderbird for e-mail.
Setting up a SSH tunnel from anywhere (e.g. the hackerspace, a bar, the airport) to your home or another trusted place can help you to
- send your internet traffic over a secure connection
- access webpages that are blocked on the internet connection you are using
You use your trusted place (e.g. home) as a hub to access the rest of the internet. You need a ssh server to connect to. Let's assume we already have such a server (home.nl) with ssh running on port 1022. Here is an example to setup a tunnel from your laptop to your home via the commandline:
ssh -D 9001 me@home.nl:1022
It looks like you login to your server at home, but you have now created a, so-called, dynamic tunnel (the -D option) to home. 9001 indicates the local port on your laptop, me@myhome.nl:22 is the computer you use as a hub.
In your browser you can now use your local 9001 port to tunnel your traffic via your home computer.
Firefox and Thunderbird: Preferences > Network > Configure how Firefox connects to the internet Choose "Manual proxy configuration" and fill in SOCKS Host: "localhost" and Port: "9001". Leave the other settings blank.
You can check before and after you changed this how the internet sees you, e.g. by checking your ip-address with http://www.whatismyip.org/
In stead of the command above you can configure a shortcut in the .ssh/config file
Host home Hostname home.nl DynamicForward localhost:9001 Port 1022 User me ForwardAgent yes
Next time you can setup the tunnel by typing the following command
ssh home
Reverse tunnel
See "Reverse Tunnelling with remote port forwarding" here:
