So I had started this a long time ago, and forgotten all about it as I really didn’t have a use for it. Now that I have the ability to tether, and I have my eeePC working again, combined with attending LUGs—now I have the use for a secure tunnel.
In case you aren’t aware (I wasn’t), passwords and logins are sent in PLAIN TEXT—yes, I said plain text. Nuts, huh? Anyway, so when you are not on a known or somewhat secure network, this could be dangerous.
Setting up SSH is very easy to do, and it comes in very handy. ArchLinux has a terrific wiki entry, as usual, which speedifies things quite a bit. It is very straightforward, and I can certainly not do better here.
There is also a section for creating an encrypted SOCKS tunnel. Once the SSH on the client and SSHd on the host have been configured, creating the tunnel is a breeze. You just run a command:
$ ssh -ND 4711 user@host
and then configure your web browser:
- For Firefox: Edit Preferences Advanced Network Connection Setting:
- Check the “Manual proxy configuration” radio button, and enter “localhost” in the “SOCKS host” text field, and then enter your port number in the next text field (I used 4711 above).
- Make sure you select SOCKS4 as the protocol to use. This procedure will not work for SOCKS5.
I created a bash alias “sshtunnel” as menoned in the wiki so I have less to type.
- Also worth mentioning, is that since my IP is dynamic, and my ssh host computer is behind a router, I have to have some kind of way to broadcast my REAL ip externally. So, I wen on over to DynDNS.com and set up a free account for a subdmain. Then I just configured my router to forward my ssh port, as well as tell it to update DynDNS with my real IP address when it changes (It has been a built-in feature with my current Netgear as well as my past LinkSys routers).
- Very simple, over all. And it can definitely come in handy. I have @NYBill to thank again, he reminded me I needed to finish setting this up.
Posted by: jamba
Tags: #arch #encrypted #linux #ssh #tether #tunnel
Published Date: Tue, 20 Jul 2010 02:59:13 +0000
original filename: 128