Difference between revisions of "Privacy:SSH"
m (another typo) |
m |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
== Password-less login == | == Password-less login == | ||
| − | + | http://www.debian-administration.org/article/152/Password-less_logins_with_OpenSSH | |
| − | + | ||
| + | Generate keys on the machine you are connecting from | ||
| + | ssh-keygen -t rsa | ||
| + | Append the generated public key to the ~/.ssh/authorized_keys file on the machine you are connecting to | ||
== Use your computer at home to browse the interweb and check e-mail == | == Use your computer at home to browse the interweb and check e-mail == | ||
| Line 28: | Line 31: | ||
Firefox and Thunderbird: Preferences > Network > Configure how Firefox connects to the internet | Firefox and Thunderbird: Preferences > Network > Configure how Firefox connects to the internet | ||
Choose "Manual proxy configuration" and fill in SOCKS Host: "localhost" and Port: "9001". Leave the other settings blank. | Choose "Manual proxy configuration" and fill in SOCKS Host: "localhost" and Port: "9001". Leave the other settings blank. | ||
| + | You can do this for any application that support SOCKS, for example IM clients and skype. | ||
You can check before and after you changed this how the internet sees you, e.g. by checking your ip-address with http://www.whatismyip.org/ | You can check before and after you changed this how the internet sees you, e.g. by checking your ip-address with http://www.whatismyip.org/ | ||
| Line 46: | Line 50: | ||
See "Reverse Tunnelling with remote port forwarding" here: | See "Reverse Tunnelling with remote port forwarding" here: | ||
* [https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/ Explained with figures] | * [https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/ Explained with figures] | ||
| + | * [http://www.howtoforge.com/reverse-ssh-tunneling and another example] | ||
| + | * http://wiki.fabelier.org/index.php?title=Permanent_Reverse_SSH_Tunneling | ||
| + | * http://unix.stackexchange.com/questions/46235/how-does-reverse-ssh-tunneling-work (with very clear figures) | ||
Latest revision as of 12:36, 7 October 2014
Contents
Introduction
Password-less login
http://www.debian-administration.org/article/152/Password-less_logins_with_OpenSSH
Generate keys on the machine you are connecting from
ssh-keygen -t rsa
Append the generated public key to the ~/.ssh/authorized_keys file on the machine you are connecting to
Use your computer at home to browse the interweb and check e-mail
In this example a laptop with Linux is used, a Firefox web browser and Thunderbird for e-mail.
Setting up a SSH tunnel from anywhere (e.g. the hackerspace, a bar, the airport) to your home or another trusted place can help you to
- send your internet traffic over a secure connection
- access webpages that are blocked on the internet connection you are using
You use your trusted place (e.g. home) as a hub to access the rest of the internet. You need a ssh server to connect to. Let's assume we already have such a server (home.nl) with ssh running on port 1022. Here is an example to setup a tunnel from your laptop to your home via the commandline:
ssh -D 9001 me@home.nl:1022
It looks like you login to your server at home, but you have now created a dynamic tunnel (the -D option) to home that you can use for browsing and e-mail. 9001 indicates the local port on your laptop, me@home.nl:1022 is the computer you use as a hub.
In your browser you can use your local 9001 port to tunnel your traffic via your home computer.
Firefox and Thunderbird: Preferences > Network > Configure how Firefox connects to the internet Choose "Manual proxy configuration" and fill in SOCKS Host: "localhost" and Port: "9001". Leave the other settings blank. You can do this for any application that support SOCKS, for example IM clients and skype.
You can check before and after you changed this how the internet sees you, e.g. by checking your ip-address with http://www.whatismyip.org/
In stead of the command above you can configure a shortcut in the .ssh/config file
Host home Hostname home.nl DynamicForward localhost:9001 Port 1022 User me ForwardAgent yes
Next time you can setup the tunnel by typing the following command
ssh home
Note that with this solution your internet traffic is encrypted between the place you are and your home. It is not encrypted from your home to the rest of the world.
Reverse tunnel
See "Reverse Tunnelling with remote port forwarding" here:
