
Dynamic ssh tunneling with putty to secure web traffic

Sometimes you might want to tunnel traffic over ssh to protect it from prying eyes on wireless/untrusted networks.

You can use an ssh tunnel to a Linux server to encrypt all of your browsing traffic. However, after it leaves the ssh server, it will no longer be encrypted.

Launch putty and head to Connection > SSH > Tunnels

In the Source port field, enter a port number that your computer will listen for traffic on. Be sure to pick one that isn’t being used by another program. (8910 should be a safe bet)

Then select Dynamic and Auto as the port type and then click Add.

The window should look like this.

Dynamic Port in Putty

Then scroll back up and click on Session.

Enter the IP address of the machine running the SSH server in the Host Name (or IP address) field.

Then type a name in the Saved Sessions box and click Save for future usage.

Now you can double click on the name of the saved session to start up the tunnel.

You will have to enter your username and password before the tunnel will work correctly, unless the server is configured for anonymous logins.

You may also use key based authentication to bypass the need to enter a username and password for each login. See this article for details.

Once the SSH session is open and the tunnel is up, your browser needs to be configured to use the tunnel.

Firefox

Click Tools > Options…

Head to the Advanced tab and then the Network sub-tab and click Settings…

Change the setting to Manual proxy configuration:

In the SOCKS Host: field, type 127.0.0.1 and enter the port number you chose earlier (8910 for the example).

All of the other fields should be blank other than the No Proxy for: field. That field tells Firefox to skip the proxy server when visiting the addresses listed in it.

Mozilla Proxy Config

Click OK and then OK to return to the browser. Your web traffic through Firefox will now be tunneled.

When you don’t want to use the proxy any more, head back to this configuration window and set it back to No proxy.

Google Chrome & Internet Explorer

Google Chrome uses Internet Explorer’s proxy settings, so changing the configuration for Internet Explorer will apply to Chrome as well.

Go to Start > Run and type inetcpl.cpl and then hit enter. (In Vista/7, just type that command in the Search programs and files box in the start menu and hit enter.)

Click on the Connections tab and then click LAN settings.

Check the Use a proxy server for your LAN option and then click Advanced.

In the Socks: field, enter 127.0.0.1 and then enter the port you chose earlier in the Port field. (8910 in the example)

IE/Chrome Proxy Settings

Click OK, then OK, and then OK.

Your traffic for IE and Chrome will now be tunneled through the SSH server.

To disable it, just clear the Use a proxy server for your LAN option. The Advanced settings don’t have to be cleared out.


Public Key Authentication with Putty

Hello,

Windows = Still Exists

Administration from Windows of Linux = Putty

Key-based authentication from Putty = Puttygen

Launch the key generator included with Putty called PuTTYgen.

Click Generate. Move the mouse around for some good ol random numbers.

Stick a passphrase on it if you’re feeling insecure about yourself.

Save the public key somewhere and save the private key somewhere too. (Both are required for a good time.)

Before you close the program, copy the prepared public key to the clipboard from the box in PuTTYgen that has been prepared for the authorized_keys file.

Open an ssh session to the machine you’re administering.

~$ cat >> ~/.ssh/authorized_keys

Then paste your key in there, hit enter, and press CTRL-C.

Now create a new session in PuTTY.

Go to Connection > Data and, in the Auto-login username field, enter the user whose authorized_keys file you just appended the public key to.

Then go to Connection > SSH > Auth and put the path of your private key in the box.

Then go back up to Session. Put the address or host name of your machine in the Host Name box, stick a name in Saved Sessions and hit Save.

Now you can double-click on it for instant satisfaction of authentication.
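A safer version of the authorized_keys step above, as an added example that is not part of the original post: it accepts only the one-line key from the PuTTYgen box, sets the permissions sshd expects, and does not add the same key twice. The function name install_pubkey, the optional directory argument and the sample key are assumptions made for illustration.

```sh
#!/bin/sh
# Added example; install_pubkey is a hypothetical helper, not part of PuTTY or OpenSSH.
# Usage: install_pubkey 'KEY LINE' [ssh_dir]   (ssh_dir defaults to ~/.ssh)
install_pubkey() {
    key=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"
    nl='
'
    # Reject the multi-line SSH2 block that "Save public key" writes, and any
    # other multi-line paste: authorized_keys takes one key per line.
    case $key in
        *"BEGIN SSH2 PUBLIC KEY"*|*"$nl"*)
            echo "expected the one-line key from the PuTTYgen box" >&2
            return 2 ;;
    esac
    # The line must start with a key type that OpenSSH recognises.
    case $key in
        "ssh-rsa "*|"ssh-dss "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 2 ;;
    esac

    # sshd with StrictModes (the default) refuses keys when ~/.ssh or the
    # file is writable by group or others, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Already installed: nothing to do.
    if grep -qxF -- "$key" "$auth_file"; then
        return 0
    fi
    # If the last existing line lacks a newline, add one so keys do not merge.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key" >> "$auth_file"
}

# Constructed sample key (not a real key), installed into a scratch directory
# so the demonstration never touches a real ~/.ssh.
demo_dir=$(mktemp -d)
install_pubkey 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ-constructed rsa-key-demo' "$demo_dir/.ssh"
```

On the server, call it with the pasted key in single quotes and no second argument to write to your own ~/.ssh/authorized_keys.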