Tuesday, February 26, 2008

Secure HTTP over SSH proxy with Putty

This articles explains how to set up your own SSH proxy for browsing the internet. It will allow you to encrypt your browser session, as well as hide your local IP from outsiders, which is more secure.

Please note that it is your responsibility to use the information in this article within the legal laws of your country. Some countries do not allow encryption of internet traffic, therefore you SHOULD NOT use this resource if you live in such a country. I live in Fiji and not one of those countries, therefore, I provide this information openly for those living in such countries.

Benefits of an HTTP over SSH Proxy

Once you've set up your proxy, all HTTP Requests from your country, to your remote server will be encrypted over SSH.

Your IP address as seen from the remote HTTP server you are connecting to (remote website) will be that of your remote SSH server, not your local computer. So to the remote site, it looks like you're in the country of your remote SSH server.

What would I use this for?

I use it every time I need pass over any sensitive information over an unsecured network, such wireless network, or internet cafe.

How Do I set up an HTTP over SSH Proxy

You will require a remote SSH server. If you purchase web hosting online, normally it will come with SSH access. If you purchase a shared hosting account, then you may have to ask for SSH access. Having a dedicated or VPS server will definitely come with SSH access.

You will also require an SSH client on your local computer. The one I use is Putty.

Setting up Putty to create an SSH tunnel

Once you have Putty installed, open it and under the session category, type in the IP address or Domain name of your remote server into the "Host Name" field.

In the Category open up the Connection Tree. Connection -> SSH -> Tunnels. Under Tunnels you will have "Add new forward port". For source port, type in a free port number. eg: 3000.

Choose the dynamic option under Destination, and click the Add button. You should have D3000 listed under the Forwarded ports list.

Now go back to the Session category and click the open button to start the SSH session. You should now have port 3000 on your local machine bound to the putty session. It will listen for any incoming traffic and forward it on.

Setting up your browser to use the SSH tunnel as its proxy

I use Firefox, but this could easily be done with IE6 or IE7 also. In Firefox click on the Tools Tab.

  • Tools -> Options -> Advanced -> Network
  • Under Connection click on the Settings button
  • Choose Manual Proxy configuration, and SOCKS v5
  • Fill in localhost for the host, and 3000 for the port
  • Click OK and reload the page

Now you should be browsing the internet through your SSH proxy. To confirm this you can visit http://whatismyip.com/ and view your IP. It should change when you switch between using the Socks Proxy and using a direct connection to the internet.

You can also type 'whois IP', into your SSH console to view the details for your IP. Where IP is your IP seen by whatismyip.com.

Now you can worry a bit less about your online privacy.


jevgen said...

What I am doing wrong on a Mac?
I mapped Remote SSH login port 22 on AirPort to 3000 on local machine. I created SSH tunnel to port 22 on VPS server and said to SOCKS and Web to use port 3000 as a proxy in Network Settings for proxy. All I get is "protocol mismatch error in browser". Should I map 80 to 3000 and use 80 on remote vps host instead?

araon said...

Your blog is really cool! I will wait when you finish. Thank you for interesting articles.
more templates easy to download