Tag Archives: ssh tunnels

Dynamic ssh tunneling with putty to secure web traffic

Uncategorized, , , , , , , , , ,

Sometimes you might want to tunnel traffic over ssh to protect it from prying eyes on wireless/untrusted networks.

You can use an ssh tunnel to a Linux server to encrypt all of your browsing traffic. However, after it leaves the ssh server, it will no longer be encrypted.

Launch putty and head to Connection > SSH > Tunnels

In the Source port field, enter a port number that your computer will listen for traffic on. Be sure to pick one that isn’t being used by another program. (8910 should be a safe bet)

Then select Dynamic and Auto as the port type and then click Add.

The window should look like this.

Dynamic Port in Putty

Then scroll back up and click on Session.

Enter the IP address of the machine running the SSH server in the Host Name (or IP address) field.

Then type a name in the Saved Sessions box and click Save for future usage.

Now you can double click on the name of the saved session to start up the tunnel.

You will have to enter your username and password before the tunnel will work correctly, unless the server is configured for anonymous logins.

You may also use key based authentication to bypass the need to enter a username and password for each login. See this article for details.

Once the SSH session is open and the tunnel is up. Your browser needs to be configured to use the tunnel.

Firefox

Click Tools > Options…

Head to the Advanced tab and then the Network sub-tab and click Settings…

Change the setting to Manual proxy configuration:

In theĀ SOCKS Host: field, type 127.0.0.1 and enter the port number you chose earlier (8910 for the example)

All of the other fields should be blank other than the No Proxy for: field. This tells firefox to skip the proxy server when visiting these addresses.

Mozilla Proxy Config

Click OK and then OK to return to the browser. Your web traffic through Firefox will now be tunneled.

When you are don’t want to use the proxy any more, head back to this configuration window and set it back to No proxy

Google Chrome & Internet Explorer

Google Chrome uses Internet Explorer’s proxy settings, so changing the configuration for Internet Explorer will apply to Chrome as well.

Go to Start > Run and type inetcpl.cpl and then hit enter. (In Vista/7, just type that command in the Search programs and files box in the start menu and hit enter.)

Click on the Connections tab and then click LAN settings.

Check the Use a proxy server for your LAN option and then click Advanced.

In the Socks: field, enter 127.0.0.1 and then enter the port you chose earlier in the Port field. (8910 in the example)

IE/Chrome Proxy Settings

Click OK, then OK, and then OK.

Your traffic for IE and Chrome will now be tunneled through the SSH server.

To disable it, just clear the Use a proxy server for your LAN option. The Advanced settings don’t have to be cleared out.