HostOnNet Blog


Browse Securely with SSH Tunnel on Ubuntu

Browsing over normal internet connection is not safe as network traffic is sent as pain text (no encryption). If anyone decided to get your password, they can by monitoring your traffic.

This is important if you are using sites that have no SSL certificates installed. When you login to a site with SSL certificate installed, all traffic between you and web server is encrypted, so no one can steal your passwords.

To use SSH Tunnel, you need Shell account on a Linux VPS or Server. All tarffic form your PC to Server goes trough SSH connection, default is port 22. SSH traffic is encrypted, so no one will be able to know what you doing.

Starting SSH Tunnel

To use SSH tunnel, we need following information.

Server IP: SERVER_IP_ADDR
Port: SSH_PORT
User: SSH_USER_NAME
Pass: SSH_PASSWORD

To connect, run following command in Terminal.

/usr/bin/ssh -f -N -p SSH_PORT SSH_USER_NAME@SERVER_IP_ADDR -D 7070

It will ask password, enter password.

Example

boby@fwhlin:~ $ /usr/bin/ssh -f -N -p 3333 boby@198.27.105.230 -D 7070
boby@198.27.105.230's password: 
boby@fwhlin:~ $

In the command -D 7070 specifies port on which SSH Tunnel will listen for traffic on your PC. To verify this Port is open, run

boby@fwhlin:~ $ netstat -an | grep LISTEN | grep 7070
tcp        0      0 127.0.0.1:7070          0.0.0.0:*               LISTEN     
tcp6       0      0 ::1:7070                :::*                    LISTEN     
boby@fwhlin:~ $ 

Now you have SSH Tunnel ready to use. Next step is configure your browser to use SSH Tunnel.

Configure Browser

Start FireFox.

Go to

Preferences > Advanced > Network.

firefox_preferences_1

firefox_preferences_2

Click on Settings.

On next screen, select Manual proxy configuration

firefox_preferences_3

Under SOCKS Host enter

SOCKS Host: localhost
Port: 7070

Select the checkbox SOCKS v5.

Click OK.

Verify SSH Tunnel Working

To verify SSH Tunnel is working, visit

https://www.hostonnet.com/ip

You will see your SSH Tunnel Server IP instead of your actual IP if you configured SSH Tunnel properly.

Make DNS Work Through SSH

In firefox address bar, type

about:config

You get firefox config screen, in that search for

network.proxy.socks_remote_dns

Default value of this config is false, double click on it to make it true.

socks_remote_dns

WARNING

Since PROXY/Tunnel change your IP/Country, do not login to financial sites like Paypal, Banking sites etc.. with SSH Tunnel active. They will see you from differnt country than your normal country or billing location and treat you as a HACKER.


Posted in Windows