A Poor Man’s VPN: Proxy Web Connection to Remote Server (via SSH and Tunnel)

Did you ever have a situation where you needed to access a website that had an IP restriction in place? I recently had a situation where I needed to access the web via my university connection (due to IP restrictions placed on accessing databases of research papers). They do not have a VPN setup so it is hard to do this off-campus.

I do however have access to a linux machine on campus. I am familiar with port forwarding using SSH but I had never used it to actually tunnel web traffic using a web browser on Windows. Turns out it is surprisingly easy!

The ssh command to use is:

ssh -C2qTnN -D 8080 username@remote_host

This command sshes to the remote_host, and creates a tunnel on your localhost, port 8080. Note that you need to have private key authentication already set up for this host – it will not work with password authentication.

The description of the switches are (from the ssh man page):

  • -C : Compression
  • -2 : Use SSHv2
  • -q : quiet!
  • -T : Disable pseuto-tty allocation
  • -n : Prevents reading from stdin (you need to have private key authentication set up, to prevent password authentication)
  • -N : Do not execute a remote command (or launch a shell). Just use the ssh process for port forwarding
  • -D : Allocate a socket to listen on the local side. When a connection is made to this port it is located to the remote machine. Makes SSH work as a SOCKS server. Only root can forward privileged ports like this.

From here, you set up Firefox or your browser of choice to use a Socks proxy on localhost:8080. The man page says that SOCKS4 and SOCK5 should both work but I had to use SOCKS v4, SOCKS v5 did not seem to work for me.

10 replies
  1. Hadar Pedhazur
    Hadar Pedhazur says:

    This is very cool, thanks. For a single use, meaning for the one purpose you described above, a slightly simpler redirect is with the -L switch to ssh. That way, you don’t change any Firefox prefs (meaning, no SOCKS). You merely surf to localhost:8080, and the one site you specifically want the remote site to bring up magically comes up. I have used that many times.

  2. Hadar Pedhazur
    Hadar Pedhazur says:

    This is very cool, thanks. For a single use, meaning for the one purpose you described above, a slightly simpler redirect is with the -L switch to ssh. That way, you don’t change any Firefox prefs (meaning, no SOCKS). You merely surf to localhost:8080, and the one site you specifically want the remote site to bring up magically comes up. I have used that many times.

Trackbacks & Pingbacks

  1. […] as this is the most likely place it would be sniffed. You can get a cheap VPS at < $10 a month and proxy all of your traffic over SSH. Not the fastest method, but it will secure your […]

  2. Personal VPN says:

    What is Personal VPN ?…

    personal vpn……

  3. bubbl says:

    A Poor Man’s VPN: Proxy Web Connection to Remote Server (via SSH and Tunnel) – systemBash http://ff.im/-fwx31

  4. Dave Drager says:

    New blog post: A Poor Man’s VPN: Proxy Web Connection to Remote Server (via SSH and Tunnel) http://sysbash.com/4j

Comments are closed.