OpenSSH Port forwarding (SSH Tunnels)

One type of SSH port forwarding redirects traffic on a given port to a remote site, encrypting the traffic between yourself and the remote SSH server. I find dynamic port forwarding to be the most useful type of SSH tunnel, but I have to mention local port forwarding. The following will set up local port forwarding on port 1080 on your local host to a remote SSH server, with traffic to localhost on port 1080 being sent through the SSH tunnel to this website.

Local port forwarding

This type of port forwarding does, however, limit you to accessing a single website.

# ssh -fCNL 1080:openbsd.mywire.org:80 you@remoteserver.com

The -f tells SSH to fork into the background after connecting. The -C compresses data for a faster connection. The -N tells SSH not to execute any commands after connecting and the -L tells SSH to use local port forwarding.

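Be sure to kill the connection after you are done using your SSH tunnel. Match the full tunnel command rather than just the port number, so that unrelated processes with 1080 in their command line are left alone.

# pgrep -f 'ssh -fCNL 1080' | xargs kill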

You can now open your web browser and point it to localhost:1080, and your request will be forwarded through an encrypted tunnel to my website. If you change the destination after the first connection, you may need to clear your browser cache. (Firefox) Menu --> Settings --> Privacy and security --> Clear History

Remote port forwarding

I am only going to briefly mention remote port forwarding here. The syntax is as follows:

# ssh -fCNR 8080:127.0.0.1:3000 you@remotehost

This works in reverse of local port forwarding. If you wanted to give someone else access via an encrypted tunnel to your machine, they could type in serverip:8080 in their browser and tunnel traffic on this port to your port 3000. This may require you to set GatewayPorts to yes in /etc/ssh/sshd_config on the remote server, because by default sshd binds remote forwards to the loopback address only.

Dynamic port forwarding

Finally, we have my favorite type of port forwarding, dynamic port forwarding. With this type of port forwarding, you can, by setting up proxy settings in Firefox, surf the web through your encrypted tunnel, encrypting all the traffic between you and the remote SSH server, which then passes it on to your final destination. Let's set up the tunnel.

# ssh -fCND 1080 you@remoteserver.com

If you have trouble remembering the you@remoteserver.com bit, just put it in a text file (we'll call it proxy) and then type the following into your terminal:

# cat proxy | xargs ssh -fCND 1080

Now you can use tools like curl (as well as your web browser) to access remote sites using your SSH tunnel. Here's an example with curl that accesses a remote site which displays your IP address. Because the request goes through your tunnel, the site displays the remote SSH server's address rather than your own. This is a good way to hide your IP address when accessing remote sites for the sake of privacy.

# curl -s --socks5 127.0.0.1:1080 checkip.amazonaws.com

To set up your Firefox browser to use the encrypted tunnel (or SOCKS5 proxy), go to Menu --> Settings, scroll all the way to the bottom and click Settings under Network Settings. Select the Manual proxy configuration radio button and, in the text box marked SOCKS Host, enter 127.0.0.1, with 1080 for the port. Now whenever you go to a site, it will be through your encrypted tunnel.

Once again, don't forget to close down your tunnel and terminate your connection when you're done using it. As before, match the full tunnel command rather than just the port number.

# pgrep -f 'ssh -fCND 1080' | xargs kill
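
As an added example (not part of the original page), the dynamic tunnel above can be given an ssh control socket, so that it is checked and closed by name rather than by matching process command lines. The function names and the SSH_BIN and TUNNEL_SOCK_DIR variables are assumptions of this sketch; the ssh options used (-M, -S, -O check, -O exit, ExitOnForwardFailure) are standard OpenSSH.

```sh
#!/bin/sh
# Added example: manage the SOCKS tunnel through an ssh control socket.
# SSH_BIN and TUNNEL_SOCK_DIR are assumptions of this sketch; keep the
# socket directory private (~/.ssh is normally mode 0700).
SSH_BIN="${SSH_BIN:-ssh}"
TUNNEL_SOCK_DIR="${TUNNEL_SOCK_DIR:-$HOME/.ssh}"

# Path of the control socket for a given local port.
tunnel_sock() {
    printf '%s/tunnel-%s.sock\n' "$TUNNEL_SOCK_DIR" "$1"
}

# Accept only a decimal port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_up user@host [port]: start the SOCKS proxy in the background.
tunnel_up() {
    dest="$1"; port="${2:-1080}"
    [ -n "$dest" ] || { echo "usage: tunnel_up user@host [port]" >&2; return 2; }
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    sock=$(tunnel_sock "$port")
    [ -S "$sock" ] && { echo "tunnel already up: $sock" >&2; return 1; }
    # -M/-S: create a control socket. ExitOnForwardFailure: fail instead of
    # backgrounding when the port cannot be bound. 127.0.0.1: loopback only.
    "$SSH_BIN" -fCN -M -S "$sock" -o ExitOnForwardFailure=yes \
        -D "127.0.0.1:$port" "$dest"
}

# tunnel_status / tunnel_down user@host [port]: query or stop that tunnel only.
tunnel_status() {
    "$SSH_BIN" -S "$(tunnel_sock "${2:-1080}")" -O check "$1"
}
tunnel_down() {
    "$SSH_BIN" -S "$(tunnel_sock "${2:-1080}")" -O exit "$1"
}

# Usage, after sourcing this file:
#   tunnel_up you@remoteserver.com 1080
#   tunnel_status you@remoteserver.com 1080
#   tunnel_down you@remoteserver.com 1080
```

Binding explicitly to 127.0.0.1 keeps the SOCKS listener off other interfaces, and ExitOnForwardFailure makes ssh report an error instead of going into the background when port 1080 is already in use.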

If you don't already have a remote SSH server, you can start by getting yourself a free 30-day SSH server account at sshmax.net or vpnjantit.com.

