SSH Proxy
Often you might have noticed that offices block personal email accounts as they have firewall implemented. Every time you try to open a website such as "gmail.com", "facebook.com" and you see policy notice indicating you cannot access as blah..blah...blah..
No worries. There's a a work around. So lets start with the pre-requisites.
Pre-requisites
- Basic knowledge of Networking (IP Address e.g. 192.x.x.x, Netmask 255.x.x.)
- Knowledge of terms such as routers, firewall and modems etc.e
- An installed operating system such as Winxp, Windows Vista, Windows 7 (32 or 64bit) or a linux machine preferably Ubuntu (my choice) or your choice.
- Your home machine should remain online at all times (24/7) or atleast for the time you are not at home.
- You should know the username and password of your router that was provided by your ISP. Normally the default username is "admin" and password is "admin", "passw0rd", "admin123" etc. It is advisable to change your default password to something more complicated.
- Setup Dynamic DNS Service with dyndns or noip etc (look for other free alternatives as well click link for google search returns). I have setup with dyndns.com. You can go on these sites and register with username and password independently. Check for free options.
Windows - Downloads
- Download MobaSSH for windows (link to download)
- Download Putty for windows (link to download)
Preparing our Router
Step 1: Lets start now. On your windows machine click start and in the search window type "cmd" and when you see results click the one with "cmd.exe".
Step 2: On your windows OS Type ipconfig /all in the command line window. Your window should look something like below based on OS. Take a note of physical address, ip address and default gateway. Your ip address should look like 192.168.x.x and gateway should be 192.168.x.1. I am on LAN with cable so you see ethernet adapter. If you are on wireless it should show you wireless device.
Step 4: Go to Setup -> DDNS in your router and enter required fields that you did in Pre-requisites # 6. Save Changes.
Step 5: Make the ip address of your machine running SSH server static. Save Changes.
Step 6: Go to port forward settings in your router and add a rule as in the image below.
Application Name: SSH
Protocol: TCP
Source Net: keep blank
Port from: 22
IP Address (this is important) put the ip address of your machine that is running SSH server that you obtained in Step 2 above. Save all changes.
To test if the port forward was successful click link. In the port section write "22" and hit "Check Your Port". If you did everything correctly you should see "Green" or "Success". Else you may need to check your settings again.
Good we are all set with router. The reason why we need dynamic dns or no-ip service is your ISP (internet service provider) assigns you a dynamic ip that keeps on changing. Therefore we map the changing ip address to a static name and this service is provided by dyndns and no-ip kind of companies.
Good we are all set with router. The reason why we need dynamic dns or no-ip service is your ISP (internet service provider) assigns you a dynamic ip that keeps on changing. Therefore we map the changing ip address to a static name and this service is provided by dyndns and no-ip kind of companies.
Ok lets get to the next part now.
Preparing our Windows Machine
Step 1: Install MobaSSH with default settings. If it prompts for allowing on firewall of XP, Vista and Windows 7 always select "Allow". For more information see link.
Step 2: Check if the SSH Server is running from Windows Services.
Step 3: That's it!
Step 3: That's it!
Preparing our Office / Client Machine
I like chrome so I will demonstrate in chrome browser. But you can achieve this in any web browser.
Step 1: Copy the putty file on the office or the client machine. Open Putty.
Step 2: Enter your static host name that you registered with dyndns or no-ip.
Step 2: Expand the SSH in Putty and enter tunnel information.
Step 3: Finally hit Save (Save button as showin in Step 2). It will prompt you for a profile name.
Step 4: Open Chrome Browser and go to chromestore. Click link and install Proxy Switchy for Chrome.
Step 5: After adding the tool to chrome. Do the following:
Step 6: Click "Extensions" on the left and look for "Proxy Switchy". Just type the same in your section as shown below.
So guys here we come to end of the setup. To test it take your office or client machine. Open putty and open the profile that you saved in Preparing your office Machine -> Step 3. Hit Open. You will be prompted for your computer's password. Key in password for the user id that you have used. You should see something (not exactly) like below:
Go to chrome and choose your proxy:
You are now logged in to your home via secure SSH connection. Click open any site that is blocked and you should be able to bypass the web filters and firewalls. The only exception is that your outgoing port 22 is blocked by your organization (which is a remote possibility).
This can also help you when you are at a public place and using public wifi networks use SSH proxy so that the traffic is encrypted and you atleast have some defence against the bad guys.
I will add linux based client/server as an update to this post.
Enjoy!
No comments:
Post a Comment