SSH Tunneling
SSH Tunneling
/ // // | \
\ \ \ \/ ~ \
/ \/ \ Y /
/_______ /_______ /\| /
\/ \/ \/
___________ . .__
\__ / __ ____ ____ ____ | | || ____ ____
| | | | \/ \ / \/ __ \| | | |/ \ / \
| | | | / | \ | \ /| || | | \/ // >
|| |/|| /| /\ >/|| /\ /
\/ \/ \/ [Haykuro] \//_____/
.TABLE OF CONTENTS
A. SSH .Telnet .Putty
B. Tunneling Explanation C. SSH Tunneling .Telnet .Putty
C. CREDITS
A. SSH .TELNET
"Telnet is a user command using TCP/IP protocols to access a computer remotely. To have access to that computer, you must have permission, meaning you must authenticate to the system with a valid username and password. When you are connected to the network using telnet, you can enter commands and they will be executed as if the were being entered directly onto the server console." - www.greencomputer.com/solutions/glossary.html
Telnet in short, is used to connect to a remote computer and interact with it. Telnet can be used for many reasons, terminal based SMTP servers, terminal based FTP servers, terminal based HTTP servers (sorta like the old BBS boards).
.Putty
"PuTTY is an SSH, Telnet, rlogin, and raw TCP client. It was originally available only for Windows, but is now also available on various Unix platforms, with work-in-progress ports to Classic Mac OS and Mac OS X. Other people have contributed unofficial ports to other platforms. It is written and maintained primarily by Simon Tatham, and is open source, licensed under the MIT license." - en.wikipedia.org/wiki/PuTTY
Sumarized, putty is used alot like telnet but less buggy and much more user friendly. It also comes with a GUI to help out those who do not want to launch commands via the command prompt (such as "putty -ssh …..")
B. Tunneling Explanation
Tunneling is used to do 3 things.
- Avoid web filters.
- Avoid sniffers on a untrusted network.
- Getting to a trusted internet source at airports, hotels, starbucks, and other places with hotspots. (Yes, this can also be used to gain free internet at places like this, but that is illegal and I dont recommend doing so. Getting arrested over stealing some internet at a cafe is just plain stupid.)
Tunneling is basicly just creating a "tunnel" between you and a trusted computer.
Example: NOT TUNNELED: Untrusted network -> You -> Website SNIFFER WOULD PICK UP THE PACKETS AND PASSWORDS CLEARLY.
Untrusted network -> You -ENCRYPTED> Trusted computer -> Website SNIFFERS WOULD EIGTHER NOT PICK UP THE PACKETS, OR GET THEM ENCRYPTED.
So your only using the internet of the untrusted network to connect to the trusted computer via SSH. The trusted computer is then the one who browses and sends back data, its used like a SOCKS proxy.
C. SSH Tunneling .TELNET
To do SSH tunneling via telnet you must forward any port not being used by another application. Then open CMD and type: telnet TRUSTED_COMPUTER_IP 22
this will connect to the trusted computer on port 22 (ssh). login if prompted.
Now run firefox and click Tools>>Options. Then click Connection Settings. Now tick Manual Proxy Configuration. Leave HTTP/SSL/FTP/Gopher proxy's blank and fill in the SOCKS Host boxes. The first box is localhost (or 127.0.0.1) The port is whatever port you forwarded. Now just click ok and click ok again at the main options screen. Now try surfing to google or something and it should now be surfing under the IP of the trusted computer. (go to www.whatismyip.com to see the trusted computer IP instead of urs).
.Putty
Run putty. Click Connection->SSH then click on Tunnels. Now on the box that sais Source Port fill in the port to be forwarded. Then tick Dynamic. Then click the ADD button. You should now see something like "D#" where # is the port you forwarded.
Now click Session at the right.
Under the box that sais Host Name (or IP adress) enter the trusted computers host name or IP.
Under port put 22 (ssh).
Set protocol to SSH.
OPTIONAL: if you do not want to go thru this again, under the text that sais Saved Sessions type anything you want and hit save, next time you wish to tunnel just click it in the list one time and hit load.
Now click open. login if prompted.
Now run firefox and click Tools>>Options. Then click Connection Settings. Now tick Manual Proxy Configuration. Leave HTTP/SSL/FTP/Gopher proxy's blank and fill in the SOCKS Host boxes. The first box is localhost (or 127.0.0.1) The port is whatever port you forwarded. Now just click ok and click ok again at the main options screen. Now try surfing to google or something and it should now be surfing under the IP of the trusted computer. (go to www.whatismyip.com to see the trusted computer IP instead of urs).
C. CREDITS
Written by: Haykuro Written on: 1/17/05
ghost 18 years ago
It would be nice if someone could give me some help on finding remote SSHs :D Google hasn't given me anything yet.Good article BTW.
ghost 18 years ago
It seems to me that this is only useful when you really need to use a bit of free Internet. Other than that, a standard cgi web-proxy wouldn't hurt.
ghost 18 years ago
this way is basicly used so others cant sniff ur passwords/emails/chat convo's/ect..
as for u, thomasantony, i wud suggest searching google for "free SSH accounts" i found some good ones :)
thx all for reading :)