SSH Tunnel Tutorial

Introduction: A SSH tunnel consists of an encrypted tunnel created through a SSH protocol connection. A SSH tunnel can be used to transfer unencrypted traffic over a network through an encrypted channel. For example we can use a ssh tunnel to securely transfer files between a FTP server and a client even though the FTP protocol itself is not encrypted. SSH tunnels also provide a means to bypass firewalls that prohibits or filter certain internet services. For example an organization will block certain sites using their proxy filter. But users may not wish to have their web traffic monitored or blocked by the organization proxy filter. If users can connect to an external SSH server, they can create a SSH tunnel to forward a given port on their local machine to port 80 on remote web-server via the external SSH server.
This ssh tunnel tutorial will deliberately bypass a firewall, and security admins will frown (at the very least) on you bypassing a corporate firewall. How to encrypt anything over SSH tunnel using a Socks Proxy.
*. How to Browse Securely from hotspots or hide from corporate firewalls/sniffers.

---

SSH Tunnel Summary

---

Using an ssh server that has internet access as a browsing point, you will create an ssh tunnel from your local PC to a remote server. Source all of your traffic from it, and encrypt communications to it using free software. This tutorial will show you how to setup an SSH Tunnel and use this to create aSocks Proxy. Requires an SSH account anywhere even your home PC with cygwin or ubuntu installed. You could then use this to tunnel from an unsafe place and browse as if you were at the safe, remote location instead. This is free.

---

SSH Tunnel Instructions

---

1. Find your current IP Go to whatismyip.com, look at your existing IP, without proxy.
Reason: compare later when we have a tunnel.
2. Packet Capture

Th: !(ipv6.dst == ff02::1) && !(ipv6.dst == ff02::c) && !stp && !cdp && !dtp && !dhcpv6 && !arp && !nbns && !browser && !icmpv6 && !ip.src== 192.168.1.105 &&

Reason: verify that you are truly encrypted. This filter just hides network chatter. It’s the same thing a snooper would see. your filter may be different, or not required. I was on a chatty network when I inspected and thought this example would be worth showing.
3. Setup Putty for SSH Tunnel:
*. Session: user@ yourserver.com:22
*. Connection > SSH: V2, Enable Compresion
*. Connection > SSH > Tunnels > Source: 7070, Dynamic, ADD
*. Session: Save, Open or, create an SSH tunnel via command line:

ssh -D 7070 -p 22 user@ yourserver.com sleep 9999

Reason: sets up loopback port (7070) on your local PC and connects over port 22 to the remote shell
4. Setup Firefox to encrypt to use the tunnel:
*. Tools > Options > Network > Settings > Manual
*. Socks: 127.0.0.1: 7070
*. Click OK.
5. Setup Firefox to use Remote DNS

about:config network.proxy.socks_remote_dns=true

Reason: By default, your local PC will do the DNS by default, but that will show what websites you are going to, so this steps ends DNS over the ssh tunnel.
6. Restart Browser
Reason: configures firefox to route traffic through the tunnel you just made
7. Test
*. View everything is over port 22
*. View IP is different from whatismyip.com
*. View filter in wireshark: dns, there should be no entries.
References
*. https://addons.mozilla.org /en-US/thunderbird /user/323/(foxyproxy allows quick proxy swaps in mozilla,thunderbird, etc).
*. ftp://ftp.chiark.greenend.o rg.uk/users/sgtatham/putty-latest/x86/putty.exe
*. http://www.wireshark.org/download.html

---

SSH Tunnel NOT SAFE

---

Is all browsing now encrypted? No, it’s only encrypted to the remote server. From that point on it’s normal. Though if you were browsing an https connection without cookies, it’s pretty hard to figure out what your traffic is. Cookies are relatively simple to capture, sniff then replay for a man in the middle type attack or privileged login.