Is it Possible to SSH Tunnel With Linux Like On the Android?
Hi all,
I read on LifeHacker.com that you can download SSH Tunnel for your rooted Android which allows you to log in securely over unsecure wifi networks.
I'm guessing this is possible on Linux, but does that mean that I can point Firefox @ a site like Gmail or Yahoo Mail over an unsecure wifi network and my connection would theoretically be unsniffable? I have found
and I've read a little. It's starting to look like I would have to have my own server @ home to log in securely in order to do that, am I correct? If there is a way to do that, please give me the correct search phrase, so I can research on my own. Thanks.
You could simply use the http protocol in your browser. Another option you may have in mind is browsing through a vpn tunnel to your home computer.
Did you mean httpS protocol? And do you mean browsing to a vpn on my router @ home? Maybe I didn't make my question clear. If I'm wanting to check email, but the hotel has only an unsecured wifi.
But I don't understand this,
The target of an SSH or VPN tunnel needs to be cooperative. This means the SSL protocol or you control the remote site.
so I've got lots of reading to do
Did you mean httpS protocol? And do you mean browsing to a vpn on my router @ home? Maybe I didn't make my question clear. If I'm wanting to check email, but the hotel has only an unsecured wifi.
Yes and you can do this with SSH. In fact it will undoubtedly be an easier approach than trying to configure a VPN. If you have SSH (SSHD, the server) running on your home network so that you can log in remotely, you can use this to establish a secure connection from an insecure location. You can do this by creating a SOCKS proxy tunnel using SSH and running your browser through this connection. The traffic will pass from your present location, via the encrypted SSH to your home, where it will then be relayed on to the final destination. Note, that if you want end-to-end encryption, for example if you were looking at a bank account, that you still need to use HTTPS. The SSH portion will only cover from your present location to your home.
To do this, once you have the SSH server running, is very easy. Open up a terminal and use a command like the following:
Code:
ssh -ND 9999 <your server address/name>
or, to compress the SSH traffic:
Code:
ssh -CND 9999 <your server address/name>
Then tell your browser to use a socks proxy on port 9999 at the address of localhost or 127.0.0.1
If you are using Firefox, you can also go to the about:config site and set it to use remote DNS. This will cause your browser to use your home LAN's DNS server so that the operators wherever you're at won't even be able to see what you were up to via your DNS queries (i.e. the sites you're going to).
Edit: if you do run an SSH server be sure to secure it properly. For example, do not allow root login and use key based authentication with passwords disabled. While it is a little trickier, this DOES work with phone SSH clients too.
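An added example, not part of the post above: a small audit of an sshd_config for the three settings that post recommends (no root login, key-based authentication, passwords disabled). The function names and the sample configuration are constructed for illustration; the defaults used for unset keywords are assumed to be those of current OpenSSH.

```shell
#!/bin/sh
# Added example (not from the thread): check an sshd_config for the settings
# the post recommends. The sample file further down is constructed input.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it sees for a keyword, and keywords are
# case-insensitive. Only the global section (before any Match block) is read.
effective_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/=/, " ") }                        # accept "Keyword=value" too
        $1 ~ /^#/ { next }                       # skip comment lines
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }            # unset: assumed default
    ' "$1"
}

# audit_sshd_config FILE: one line per check; exit status = number of failures
audit_sshd_config() {
    audit_failures=0
    while read -r a_key a_want a_default; do
        a_got=$(effective_value "$1" "$a_key" "$a_default")
        if [ "$a_got" = "$a_want" ]; then
            echo "OK    $a_key $a_got"
        else
            echo "FAIL  $a_key is '$a_got', want '$a_want'"
            audit_failures=$((audit_failures + 1))
        fi
    done <<'EOF'
PermitRootLogin no prohibit-password
PasswordAuthentication no yes
PubkeyAuthentication yes yes
EOF
    return "$audit_failures"
}

# Constructed sample: the later "PermitRootLogin no" is ignored by sshd.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample configuration
permitrootlogin yes
PasswordAuthentication no
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "$? setting(s) need attention"
rm -f "$sample"
```

On the server itself, `sshd -T` (run as root) prints the effective configuration, including included files, and is the authoritative check.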
Hey, thank you so much for that info. But first I have to get the necessary hardware and build, install and configure a server. Even though I still don't understand it, it looks cool, and like a very useful tool. Looks like I really need to study, though.
I find it odd that some sites are up in https and never seem to tell anyone. I think Hotmail just got encrypted fully but not sure they others have taken so long.
You'd have to go to a special secure email to protect your data.
@all: I did find the gSTM app in my LinuxMint via Synaptic installer. It is Gnome SSH Tunnel Manager. But of course, it requires that I be able to log into an SSH server which I don't have. So back to the drawing board. Guess, I'll have to build a server, and learn to SSH it.
The web is the most insecure and dungeon-y place ever, and most websites have zero regard for personal security, never mind notifying you that they've just become https:// enabled.
I actually employ the exact technique you're wondering about, I tunnel over ssh and/or vpn to a box, which is great for connections that are either unsecured or for something that you may not trust (i.e. a public network that is "secured", but that has a simple password they hand out). The best way to get familiar with everything is doing exactly what you said, actually get the hardware, put a box together, and have at it!
Guess, I'll have to build a server, and learn to SSH it.
The resource requirements are extremely modest. If you have a PC at home that you do, or could, routinely leave on that is all that would be required. No special or dedicated server needed. There are even SSH servers available for Windows, but Linux would be easier and probably has it enabled by default. The only things you would need to do are secure it properly (be sure to double check the configuration settings), add port forwarding to your router, and go.