LinuxQuestions.org
Old 05-31-2006, 10:57 AM   #1
yanik
Member
 
Registered: Oct 2003
Location: Montreal Beach
Distribution: Debian Unstable
Posts: 368

Rep: Reputation: 30
a bit lost with ssh tunnels and proxy


Hi everyone.

I'm using debian etch at work and I'm running a clarkconnect server at home (clarkconnect is basically redhat/fc).

Some other employees here just discovered the joy of sniffing/arp poisoning/mitm...

It bothers me. I'm not the kind of guy that will go cry at the mighty sysadmin, I'll take care of my own concern with the help of the community and ssh!

I want to secure my msn chatting and my web browsing.

On my clarkconnect box I have port 24958 listening for ssh. How would I do this? Like that?
Code:
ssh -C -L localport:localhost:remoteport username@remotehost
So if I do
Code:
ssh -C -L 1234:localhost:24958 yanik@mydomain.com
I could tell firefox to use a proxy and point it to localhost:1234, right? Can I use the same tunnel for gaim/msn?

Thanks
 
Old 05-31-2006, 02:55 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
it's not the localhost in the middle there, it's the remote host as the ssh server will see it. you would establish one tunnel for each function you wish to use, you can have as many -L's on the ssh command as you wish.

basically you connect on your client to localhost:1234 and that pops out on the server and the server points that packet towards othermachine:2345 assuming that "othermachine" is resolvable and reachable by the server.

if you've not got the ssh even connecting yet, then you would ssh to a non-standard port by "ssh remotemachine.com:2345" this is not part of the tunneling. the tunneling is added to the connection's capabilities once you are connected via ssh.

i don't know how msn works with a tunnel, i'm sure it's totally possible but i don't know. for the web side, i personally have had success by using tinyproxy running on the ssh server and using that as a proxy for the client's web browser (so you would set your proxy locally to be localhost:8080 or whatever, and that ends up on the other end of the tunnel ( 8080:localhost:8080 ) hitting the proxy). nice and simple. i'm sure the use of localhost is a bit confusing, took me a while, but in that example the "localhost" is referring to the server which would call itself localhost.
 
Old 05-31-2006, 03:11 PM   #3
yanik
Member
 
Registered: Oct 2003
Location: Montreal Beach
Distribution: Debian Unstable
Posts: 368

Original Poster
Rep: Reputation: 30
thanks mate. I got it up and running, web browsing and IM.

Here's what I did:
Code:
ssh -p24958 -N -C -L 8118:localhost:8118 user@remotehost
On the remote host I have sshd (on port 24958), squid and privoxy running.

I set firefox to use the http proxy at localhost port 8118, which is redirected to remotehost. I configured gnome to use the proxy and set gaim to use the global proxy settings. Everything works, except my weather applet in the gnome-panel. good enough for now!

Yanik
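
An added example, not part of the thread and not written by either poster: a small shell function that reads an `ssh -L` forwarding spec the way post #2 describes it (the middle host is resolved by the ssh server) and flags the mix-up in post #1, where the forward pointed at the sshd port instead of a proxy port. The function name `check_forward` and its output wording are made up for this example, and IPv6 literals are not handled.

```sh
# Added example (not from the thread): explain an `ssh -L` spec and flag
# the port mix-up from post #1. Assumes no IPv6 literals in the spec.
# Usage: check_forward '[bind:]lport:dest_host:dest_port' SSHD_PORT
check_forward() {
    spec=$1
    sshd_port=$2
    case $spec in
        *:*:*) ;;
        *) echo "error: expected [bind:]lport:host:hostport"; return 2 ;;
    esac
    # Peel fields off the right: destination port, destination host, local port.
    dport=${spec##*:}; rest=${spec%:*}
    dhost=${rest##*:}; rest=${rest%:*}
    lport=${rest##*:}
    # Anything left of the local port is an explicit bind address.
    case $rest in
        *:*) bind=${rest%:*} ;;
        *)   bind=loopback ;;   # ssh default: only this machine can connect
    esac
    for p in "$lport" "$dport"; do
        case $p in
            ''|*[!0-9]*) echo "error: ports must be numeric"; return 2 ;;
        esac
    done
    warn=0
    # dest_host is resolved by the ssh server, so "localhost" is the server.
    case $dhost in
        localhost|127.0.0.1)
            if [ "$dport" = "$sshd_port" ]; then
                echo "warning: $dhost:$dport is sshd itself, not a proxy"
                warn=1
            fi ;;
    esac
    # A wildcard bind lets other hosts on the LAN use the tunnel entrance.
    case $bind in
        '*'|0.0.0.0)
            echo "warning: local port $lport is reachable from the network"
            warn=1 ;;
    esac
    echo "client $bind:$lport -> [encrypted to sshd:$sshd_port] -> $dhost:$dport"
    return $warn
}

# Constructed inputs: the attempt from post #1, then the working spec from post #3.
check_forward 1234:localhost:24958 24958 || true
check_forward 8118:localhost:8118 24958
```

Only the hop between the client and sshd is encrypted; traffic from the proxy on the server out to the web site travels as it normally would.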
 
  


All times are GMT -5.